39 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : haveged vulnerability (USN-8358-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8358-1 advisory. It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use th...
CVE-2026-46440
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...
USN-8358-1: haveged vulnerability
It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...
USN-8358-1 haveged vulnerability
It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...
CLSA-2026-1778573628 dovecot: Fix of 2 CVEs
CVE-2026-27855: use translated username in authcacheremove to prevent OTP authentication replay attack - CVE-2026-27856: use timing-safe credential comparison in doveadm HTTP and TCP authentication paths...
UBUNTU-CVE-2025-14282
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...
CVE-2025-14282
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...
EUVD-2002-1075
Malware in sbrugna...
EUVD-2003-1560
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-40170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents,...
Fedora 39 : python-jupyter-server (2023-3d77cfc654)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d77cfc654 advisory. Security update with fixes for CVE-2023-39968 and CVE-2023-40170 Tenable has extracted the preceding description block directly from the Fedora...
Fedora 38 : python-jupyter-server (2023-88c411e973)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-88c411e973 advisory. Security fix for python-jupyter-server. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
SUSE CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
UBUNTU-CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170
CVE-2023-40170 affects jupyter-server (the backend for Jupyter web apps). The issue is improper cross-site credential checks on the /files/ URLs, which could expose certain file contents or permit accessing files when opening untrusted files via “Open image in new tab.” The problem has a stated r...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...