28 matches found
Cross-site Scripting (XSS)
Overview @jupyterlab/notebook-extension is a JupyterLab - Notebook Extension Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary...
@datalayer/jupyter-react (>=0.0.6 <=0.9.5), @jupyter-notebook/application-extension (>=7.1.0 <=7.4.7) +3 more potentially affected by CVE-2026-42557 via @jupyterlab/rendermime (>=4.0.0-alpha.11 <=4.4.10)
@jupyterlab/rendermime NPM version =4.0.0-alpha.11, =0.0.6, =7.1.0, =0.0.23, =1.29.0, =1.30.0-rc1 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABRENDERMIME-16438960...
@datalayer/jupyter-react (=0.9.5) potentially affected by CVE-2026-42557 via @jupyterlab/notebook-extension (=4.1.0-beta.0)
@jupyterlab/notebook-extension NPM version =4.1.0-beta.0 is affected by a known vulnerability. The following packages have a transitive dependency on @jupyterlab/notebook-extension and may be impacted: - @datalayer/jupyter-react =0.9.5 Source cves: CVE-2026-42557 Source advisory:...
@datalayer/jupyter-react (>=0.0.6 <=0.9.5), @jupyter-notebook/lab-extension (>=7.1.0 <=7.4.7) +9 more potentially affected by CVE-2026-42557 via @jupyterlab/notebook (>=4.0.0-alpha.11 <=4.5.1)
@jupyterlab/notebook NPM version =4.0.0-alpha.11, =0.0.6, =7.1.0, =7.1.0, =0.0.23, =5.3.6, =1.0.0, =1.4.0 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABNOTEBOOK-16438957...
HP Data Protector LogClientInstallation Method Userid Field SQL Execution
The HP Data Protector DPNECentral web service listening on this port contains a SQL injection vulnerability because it fails to properly sanitize user-supplied input to the userid field of its LogClientInstallation method before using it in a database query. This may allow an attacker to read and...
HP Data Protector Multiple Products LogClientInstallation SQL Injection (CVE-2011-3156)
An SQL injection vulnerability has been reported in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers...
HP Data Protector Notebook Extension Policy Server FinishedCopy Remote SQL Injection Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on...
HP Data Protector Notebook Extension Policy Server LogClientInstallation Remote SQL Injection Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on...
HP Data Protector Notebook Extension Policy Server LogCopyOperation Remote SQL Injection Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on...
HP Data Protector Notebook Extension Policy Server LogBackupLocationStatus Remote SQL Injection Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on...
HP Data Protector Notebook Extension Policy Server RequestCopy Remote SQL Injection Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on...
HP Data Protector Notebook Extension multiple security vulnerabilities
No description provided...
CVE-2011-3162
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296...
CVE-2011-3161
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229...
CVE-2011-3159
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227...
CVE-2011-3158
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226...
CVE-2011-3157
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225...
Code injection
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296...
CVE-2011-3157
HP Data Protector Notebook Extension contains a vulnerability in the dpnepolicyservice GetPolicies method that does not properly validate the clientVersion field, enabling remote attackers to execute arbitrary SQL queries as the service user. Affected products include HP Data Protector Notebook E...
CVE-2011-3157
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225...