Lucene search
K

284 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/05 12:0 a.m.28 views

SUSE SLES15 / openSUSE 15 Security Update : python-reportlab (SUSE-SU-2023:3972-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3972-1 advisory. - CVE-2019-19450: Fixed an issue which allowed remote code execution via startunichar in paraparser.py evaluating untrusted user input...

9.8CVSS7.9AI score0.04452EPSS
Exploits0References4
OSV
OSV
added 2023/10/04 2:11 p.m.6 views

SUSE-SU-2023:3972-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2019-19450: Fixed an issue which allowed remote code execution via startunichar in paraparser.py evaluating untrusted user input. bsc1215560...

9.8CVSS9.7AI score0.04452EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/10/02 12:0 a.m.26 views

Debian: Security Advisory (DLA-3590-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.04452EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/09/30 12:0 a.m.22 views

Debian dla-3590 : python-renderpm - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3590 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3590-1 [email protected]...

9.8CVSS8.5AI score0.10231EPSS
Exploits2References8
Debian
Debian
added 2023/09/29 7:57 p.m.70 views

[SECURITY] [DLA 3590-1] python-reportlab security update

Debian LTS Advisory DLA-3590-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 29, 2023 https://wiki.debian.org/LTS Package : python-reportlab Version : 3.5.13-1+deb10u2 CVE ID : CVE-2019-19450 CVE-2020-28463 Security issues were discovered in...

9.8CVSS7.6AI score0.10231EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2023/09/22 4:54 a.m.34 views

CVE-2019-19450

A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution. Mitigation Mitigatio...

9.8CVSS9.7AI score0.10231EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/09/22 2:34 a.m.3 views

SUSE CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

7.7CVSS8.2AI score0.04452EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/09/20 3:30 p.m.5 views

bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-19450 via reportlab (>=3.1.44 <=3.5.26)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-19450 Source advisory: OSV:GHSA-PJ98-2XF6-CFF5...

9.8CVSS7.2AI score0.04452EPSS
Exploits0
OSV
OSV
added 2023/09/20 3:30 p.m.26 views

GHSA-PJ98-2XF6-CFF5 ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS9.9AI score0.04452EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/09/20 3:30 p.m.31 views

ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS7.9AI score0.04452EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/09/20 2:15 p.m.1 views

DEBIAN-CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS9.4AI score0.04452EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 2:15 p.m.27 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS9.8AI score0.04452EPSS
Exploits0References7
OSV
OSV
added 2023/09/20 2:15 p.m.6 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS9.7AI score
Exploits0References7
Prion
Prion
added 2023/09/20 2:15 p.m.21 views

Remote code execution

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

7.5CVSS9.6AI score0.10231EPSS
Exploits1References3Affected Software2
UbuntuCve
UbuntuCve
added 2023/09/20 2:15 p.m.34 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS7.8AI score0.04452EPSS
Exploits0References3
OSV
OSV
added 2023/09/20 2:15 p.m.4 views

UBUNTU-CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS6.5AI score0.04452EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.4 views

ReportLab Security Breach

ReportLab is an open source engine for creating data-driven PDF documents and custom vector graphics from ReportLab Denmark. A security vulnerability exists in ReportLab versions prior to 3.5.31, which stems from a remote code execution allowed by paraparser, where startunichar in paraparser.py...

9.8CVSS7.9AI score0.04452EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/09/20 12:0 a.m.35 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS10AI score0.04452EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.4 views

PT-2023-6316

Name of the Vulnerable Software and Affected Versions ReportLab versions prior to 3.5.31 Description The issue is related to the start unichar function in paraparser.py, which incorrectly processes XML documents. This allows a remote attacker to execute arbitrary code by crafting a malicious XML...

10CVSS7.3AI score0.04452EPSS
Exploits6References45
CVE
CVE
added 2023/09/20 12:0 a.m.187 views

CVE-2019-19450

CVE-2019-19450 affects the Python library python-reportlab (paraparser.py). A crafted XML document can cause remote code execution because start_unichar evaluates untrusted input in a element. Impact is high (as per CVSS in the entry). Remediation is to upgrade to a version where the issue is fi...

9.8CVSS9.7AI score0.04452EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder