EUVD-2023-0697

Malicious code in bioql PyPI...

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVE-2023-48848

CVE-2023-48848 affects ureport v2.2.9, where an arbitrary file read is possible on the server by supplying a crafted path. The issue is described across multiple connected documents (Red Hat, Veracode, CNNVD, GHSA, OSV, and CVE lists) as a vulnerability in ureport2-core that allows reading files ...

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

CVE-2023-24187

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code by uploading a crafted XML file to /ureport/designer/saveReportFile. Root cause: lack of sanitization for external entities in the XML parsing. Impact: arbitrary code execution; local attack ve...

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

Directory traversal

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVE-2020-21122

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

Server side request forgery (ssrf)

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

CVE-2020-21122

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...