CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24816 – set_term_title command injection in ipython
https://notcve.org/view.php?id=CVE-2023-24816
10 Feb 2023 — IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vu... • https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2022-21699 – Execution with Unnecessary Privileges in ipython
https://notcve.org/view.php?id=CVE-2022-21699
19 Jan 2022 — IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade. IPython (Interactive Python) es un shell de comandos para la computación interactiva en múltipl... • https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-279: Incorrect Execution-Assigned Permissions •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4706
https://notcve.org/view.php?id=CVE-2015-4706
21 Sep 2017 — Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en las versiones 3.x de IPython anteriores a la 3.2 permite que atacantes remotos inyecten scripts web o HTML mediante vectores que implican mensajes de error JSON y la ruta /api/contents. • http://www.openwall.com/lists/oss-security/2015/06/22/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4707
https://notcve.org/view.php?id=CVE-2015-4707
20 Sep 2017 — Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en IPython en versiones anteriores a la 3.2 permite que atacantes remotos inyecten scripts web o HTML mediante vectores relacionados con mensajes de error JSON y la ruta /api/notebooks. • http://www.openwall.com/lists/oss-security/2015/06/22/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 1CVE-2015-5607 – Ubuntu Security Notice USN-5953-1
https://notcve.org/view.php?id=CVE-2015-5607
20 Sep 2017 — Cross-site request forgery in the REST API in IPython 2 and 3. Existe una vulnerabillidad de tipo Cross-Site Request Forgery (CSRF) en IPython 2 y 3. It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7337 – Gentoo Linux Security Advisory 201512-02
https://notcve.org/view.php?id=CVE-2015-7337
29 Sep 2015 — The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. Vulnerabilidad en el editor en IPython Notebook en versiones anteriores a 3.2.2 y Jupyter Notebook 4.0.x en versiones anteriores a 4.0.5, permite a atacantes remotos ejecutar código JavaScript arbitrario a través de un archivo manipulado, lo que desencadena una redireción a files/, rela... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 11EXPL: 2CVE-2015-6938
https://notcve.org/view.php?id=CVE-2015-6938
21 Sep 2015 — Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. Vulnerabilidad de XSS en el buscador de archivos en notebook/notebookapp.py en IPython Notebook en versiones anteriores a 3.2.2 y Jupyter Notebook 4.0.x... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166460.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 11EXPL: 0CVE-2014-3429 – Mandriva Linux Security Advisory 2014-157
https://notcve.org/view.php?id=CVE-2014-3429
07 Aug 2014 — IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. IPython Notebook 0.12 hasta 1.x anterior a 1.2 no valida el origen de las solicitudes de Websockets, lo que permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de conocimiento del kernel id y una página manipulada. In IPython before 1.2, the origin of websocket reque... • http://advisories.mageia.org/MGASA-2014-0320.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •