1255 matches found
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags - HTML formats HTML 4 and 5 - Ebook formats EPUB v2 and v3, FB2 -...
Mageia: Security Advisory (MGASA-2024-0067)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0067 Updated jupyter-notebook packages fix security vulnerabilities
Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...
Updated jupyter-notebook packages fix security vulnerabilities
Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithim resulting in DoS. CVE-2022-31129...
PT-2024-2539 · Lenovo · Lenovo Notebook
Name of the Vulnerable Software and Affected Versions: Lenovo Notebook products affected versions not specified Description: A potential memory leakage vulnerability was reported in some Lenovo Notebook products. This issue may allow a local attacker with elevated privileges to write to NVRAM...
BIT-GITLAB-2022-2428
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests...
BIT-JUPYTER-NOTEBOOK-2020-26215 Open redirect in Jupyter Notebook
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for know...
BIT-JUPYTER-BASE-NOTEBOOK-2020-26215 Open redirect in Jupyter Notebook
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for know...
BIT-JUPYTER-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
BIT-JUPYTER-BASE-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
BIT-JUPYTER-NOTEBOOK-2022-24758 Insertion of Sensitive Information into Log File affects Jupyter Notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
BIT-JUPYTER-BASE-NOTEBOOK-2022-24758 Insertion of Sensitive Information into Log File affects Jupyter Notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...
BIT-JUPYTER-NOTEBOOK-2022-29238 Forced Browsing in Jupyter Notebook
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
BIT-JUPYTER-BASE-NOTEBOOK-2022-29238 Forced Browsing in Jupyter Notebook
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...
Cross Site Scripting (XSS)
mlflow is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization while executing a recipe with an untrusted dataset, which results in client-side RCE in the Jupyter Notebook...
Cross Site Scripting (XSS)
mlflow is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a lack of sanitization within the STACKTRACE and SCHEMA template variables, resulting in a client-side RCE when running an untrusted recipe in Jupyter Notebook...
Cross-site Scripting in MLFlow
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
GHSA-6749-M5CP-6CG7 Cross-site Scripting in MLFlow
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
GHSA-3V79-Q7PH-J75H MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...