Lucene search
K

13 matches found

OpenVAS
OpenVAS
added 2022/09/12 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2022-0323)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.05664EPSS
Exploits2References8
Ubuntu
Ubuntu
added 2022/08/30 9:26 a.m.52 views

USN-5585-1: Jupyter Notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...

7.5CVSS6.1AI score0.01741EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/08/30 12:0 a.m.75 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5585-1 advisory. It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack ...

7.5CVSS6.1AI score0.01741EPSS
Exploits1References9
Debian
Debian
added 2020/11/19 4:53 a.m.71 views

[SECURITY] [DLA 2432-1] jupyter-notebook security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2432-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 19, 2020 https://wiki.debian.org/LTS -...

7.8CVSS7.3AI score0.01511EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/11/19 12:0 a.m.30 views

Debian DLA-2432-1 : jupyter-notebook security update

Several vulnerabilities have been discovered in jupyter-notebook. CVE-2018-8768 A maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. CVE-2018-19351 allows...

7.8CVSS6.4AI score0.01511EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.22 views

Fedora 28 : python-notebook (2018-b9581d9624)

Security fix for CVE-2018-19351, CVE-2018-19352 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

6.1CVSS6.5AI score0.01511EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.28 views

Fedora 29 : python-notebook (2018-b792d607fd)

Update to 5.7.2, fix CVE-2018-19351, CVE-2018-19352 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

6.1CVSS6.5AI score0.01511EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/12/13 12:0 a.m.30 views

Fedora Update for python-notebook FEDORA-2018-b9581d9624

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6AI score0.01511EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2018/12/06 12:0 a.m.25 views

[ASA-201812-1] jupyter-notebook: cross-site scripting

Arch Linux Security Advisory ASA-201812-1 ========================================= Severity: Medium Date : 2018-12-06 CVE-ID : CVE-2018-19351 CVE-2018-19352 Package : jupyter-notebook Type : cross-site scripting Remote : No Link : https://security.archlinux.org/AVG-820 Summary ======= The packag...

6.1CVSS1.5AI score0.01511EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2018/11/21 10:15 p.m.3 views

fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)

notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:GHSA-49QR-XH3W-H436...

6.1CVSS6.6AI score0.01511EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/11/18 5:29 p.m.6 views

fairing (>=0.0.2 <=0.0.3), hugo-jupyter (>=0.2.1 <=0.3.0) +6 more potentially affected by CVE-2018-19351 via notebook (>=4.2.3 <=5.7.0)

notebook PYPI version =4.2.3, =0.0.2, =0.2.1, =0.1.2, =0.5.0, =1.0.0, =0.1.0, =0.2.0.dev1 Source cves: CVE-2018-19351 Source advisory: OSV:PYSEC-2018-17...

6.1CVSS6.6AI score0.01511EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/11/18 5:29 p.m.21 views

CVE-2018-19351

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...

6.1CVSS6.8AI score0.01511EPSS
Exploits0References6
CVE
CVE
added 2018/11/18 5:0 p.m.104 views

CVE-2018-19351

CVE-2018-19351 affects Jupyter Notebook prior to 5.7.2 due to missing Content Security Policy in nbconvert endpoints, enabling XSS via untrusted notebooks. Connected advisories confirm upstream fix in 5.7.2 (and related CSP/Open-redirect issues), with Debian/Fedora/Arch/Mageia/Ubuntu advisories r...

6.1CVSS5.5AI score0.01511EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder