The vulnerability of the System Management Mode (SMM) implementation in HP notebook BIOS microprogramming systems allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the System Management Mode SMM implementation in HP notebook BIOS microprogramming systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause system failures...

jakartanotebook.com Cross Site Scripting vulnerability OBB-2857864

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

UBUNTU-CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

The vulnerability of the visual analysis tool IBM i2 Analyst’s Notebook arises from buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of the IBM i2 Analyst’s Notebook visual analysis tool arises from an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a attacker to execute arbitrary code using a specially created file...

Cross Site Scripting (XSS)

Nbconvert is vulnerable to Cross Site Scripting XSS. The vulnerability is due to multiple instances where a Jupyter notebook can inject unescaped HTML into the metadata when exported as HTML. An attacker in control of a notebook can inject arbitrary Javascript that will be executed when a user...

PT-2022-10098 · Nbconvert +1 · Nconvert +1

Name of the Vulnerable Software and Affected Versions: nbconvert version 5.5.0 Description: The GitHub Security Lab discovered a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary...

CVE-2022-31178

CVE-2022-31178 affects the eLabFTW electronic lab notebook. A vulnerability allows a logged-in user to read a template without proper authorization. Red Hat and other sources corroborate the issue and note a fix in version 4.3.4. Affected systems should upgrade to 4.3.4 or later to remediate. If ...

Fedora: Security Advisory for python-notebook (FEDORA-2022-35b698150c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for python-notebook (FEDORA-2022-85aa8e5706)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: python-notebook-6.4.0-4.fc35

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

[SECURITY] Fedora 36 Update: python-notebook-6.4.11-3.fc36

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

The vulnerability of the ReadyBootDxe driver of Lenovo notebook microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the ReadyBootDxe driver of Lenovo notebook microprogramming software is related to buffer overflow. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

PT-2022-3640 · Lenovo · Systemloaddefaultdxe Driver

Name of the Vulnerable Software and Affected Versions: Lenovo Notebook products affected versions not specified Description: A buffer overflow in the SystemLoadDefaultDxe driver may allow an attacker with local privileges to execute arbitrary code. The issue is related to the SystemLoadDefaultDxe...

PT-2022-3641 · Lenovo · Readybootdxe

Name of the Vulnerable Software and Affected Versions: Lenovo Notebook products affected versions not specified Description: A buffer overflow issue in the ReadyBootDxe driver may allow an attacker with local privileges to execute arbitrary code. This issue is related to the driver's functionalit...

Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

No description provided...

pyesasky 安全漏洞

pyesasky is an ESASky widget for Jupyter Notebook by the esdc-esac-esa-int individual developer. A security vulnerability exists in pyesasky. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP5. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.2. The following 3rd party components are used by IBM Cognos Analytics: Apache Axis is a Java based Web Services engine f...

Token bruteforcing.

Impact What kind of vulnerability is it? Who is impacted? Authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories i.e. hidden files were...

3deecelltracker (>=0.5.0a0 <=1.0.0), abracadabra (>=0.0.0 <=0.0.7) +101 more potentially affected by CVE-2022-29238 via notebook (>=4.2.3 <=6.4.11)

notebook PYPI version =4.2.3, =0.5.0a0, =0.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =1.0.1, =0.0.48, =0.0.2a0, =1.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.2.1 - combnetdep =1.0.0 and more Source cves: CVE-2022-29238 Source advisory: OSV:GHSA-V7VQ-3X77-87VG...