1255 matches found
OPENSUSE-SU-2024:12148-1 jupyter-notebook-6.4.12-1.1 on GA media
These are all security issues fixed in the jupyter-notebook-6.4.12-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11242-1 jupyter-notebook-6.2.0-1.4 on GA media
These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10377-1 python3-jupyter_notebook-4.2.3-1.1 on GA media
These are all security issues fixed in the python3-jupyter_notebook-4.2.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13606-1 jupyter-notebook-7.0.7-1.1 on GA media
These are all security issues fixed in the jupyter-notebook-7.0.7-1.1 package on the GA media of openSUSE Tumbleweed...
VSCode ipynb Remote Code Execution Exploit
VSCode, when opening a Jupyter notebook .ipynb file, bypasses the trust model. On versions v1.4.0 through v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
VSCode ipynb Remote Development RCE
VSCode, when opening a Jupyter notebook .ipynb file, bypasses the trust model. On versions v1.4.0 - v1.71.1, it's possible for the Jupyter notebook to embed HTML and JavaScript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
VSCode ipynb Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSCode ipynb Remote Development RCE', 'Description' = %q VSCode when opening an Jupyter notebook .ipynb file bypasses the trust model. On version...
SUSE CVE-2021-32797
JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions an untrusted notebook can execute code on load. In particular, JupyterLab doesn't sanitize the action attribute of the HTML <form> element. Using this it is possible to trigger the form...
CVE-2024-31865
Improper Input Validation vulnerability in Apache Zeppelin. Attackers can call the cron update API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version...
CVE-2024-31865
CVE-2024-31865 affects Apache Zeppelin due to an Improper Input Validation in the cron API, allowing arbitrary user impersonation with insufficient privileges. Affected versions are 0.8.2 up to before 0.11.1; upgrading to 0.11.1 or later fixes the issue. The CVE entry and linked sources (Red Hat,...
CVE-2024-31863 Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue...
CVE-2023-5912
A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables...
Lenovo Notebook Security Vulnerability
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. A security vulnerability exists in Lenovo Notebook that stems from the presence of a memory leak...
The vulnerability of the System Management Mode (SMM) implementation in Lenovo notebook software allows a hacker to escalate their privileges and execute arbitrary code.
The vulnerability of the System Management Mode (SMM) implementation in Lenovo notebook microprogramming software is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
The vulnerability of Acer notebook microprogramming software, related to writing outside the buffer, allows a hacker to execute arbitrary code.
The vulnerability of Acer notebook microprogramming software relates to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
BIT-MLFLOW-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
BIT-MLFLOW-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...