Design/Logic Flaw

nbviewer-app aka Jupyter Notebook Viewer before 0.1.6 has the get-task-allow entitlement for release builds...

CVE-2023-51277

CVE-2023-51277 affects nbviewer-app (Jupyter Notebook Viewer) prior to version 0.1.6, where the release build incorrectly included the get-task-allow entitlement. This misconfiguration can enable loading of untrusted code, with reported high impact on confidentiality, integrity, and availability....

Jupyter Notebook Viewer Security Vulnerability

Jupyter Notebook Viewer is a macOS application for viewing Jupyter/IPython notebooks. A security vulnerability exists in Jupyter Notebook Viewer prior to version 0.1.6, which stems from a problem with the get-task-allow function and can be exploited by an attacker to load untrusted code...

CVE-2023-7163

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the...

faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:GHSA-672H-6X89-76M5...

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine,"...

PT-2023-31781 · Unknown · Nbviewer-App

Name of the Vulnerable Software and Affected Versions: nbviewer-app aka Jupyter Notebook Viewer versions prior to 0.1.6 Description: The issue is related to the get-task-allow entitlement for release builds, which can lead to code execution due to an improperly set entitlement. The developer has...

[SECURITY] Fedora 39 Update: ansible-core-2.16.2-1.fc39

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 39 Update: ansible-9.1.0-1.fc39

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6831 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6831 Source advisory: OSV:GHSA-554W-XH4J-8W64...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek CVE-2021-47432 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow CVE-2023-52752 In th...

Design/Logic Flaw

Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:GHSA-CXFR-5Q3R-2RC2...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:PYSEC-2023-281...

MCS Provisioned VDI shows the wrong Storage Type as HDD

Use MCS to create VDIs on Azure hypervisor and select the storage type as "Standard SSD". After that, the storage type is shown correctly as Standard SSD in Azure Portal. However, when logon VDI and open the Task Manager, the storage type is shown as "HDD"...

Tater

It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not explicitly mentioned, but the tool is based on the Hot Potato Windows Privilege Escalation exploit, which is a known vulnerability. The target product/service is Windows, and the vulnerability class/vector is...

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response EDR systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...

The malware, attacker trends and more that shaped the threat landscape in 2023

The 2023 Cisco Talos Year in Review is now available to download. Once again, the Talos team has meticulously combed through a massive amount of data to analyze the major trends that have shaped the threat landscape in 2023. Global conflict influenced a lot of these trends, altering the tactics a...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-43472 via mlflow (>=0.8.2 <=2.8.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-43472 Source advisory: OSV:GHSA-WQXF-447M-6F5F...

CVE-2023-40094

In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...