374 matches found
Data Visualisation Framework - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-055
This module allows you to turn various data sources Eg CSV or JSON file into interactive visualisation. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries having from low to medium vulnerabilities. One of the...
PT-2023-29875 · Themify · Themify Ultra
Name of the Vulnerable Software and Affected Versions: Themify Ultra versions n/a through 7.3.5 Description: The issue is related to the deserialization of untrusted data. This can potentially lead to security risks, as deserializing untrusted data can allow an attacker to execute malicious code...
CVE-2023-3517
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...
CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...
Hitachi Vantara Pentaho Data Integration & Analytics Security Breach
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 9.5.0.1, prior to 9.3.0.5, and 8.3.x, which stems from an...
The vulnerability of the PyArrow library, related to reading data from unreliable sources, allows a perpetrator to execute arbitrary code.
The vulnerability of the PyArrow library is related to the reading of data from unreliable sources. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Fedora: Security Advisory (FEDORA-2023-3bc3404fc1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
CVE-2023-29046
CVE-2023-29046 affects Open-Xchange App Suite. The issue: connections to external data sources (e.g., email autoconfig) are not terminated on timeout and are logged instead. Some connections target user-controlled endpoints, enabling an attacker to keep connections open and trigger a large amount...
CVE-2023-29046
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...
Open-Xchange App Suite Resource Management Error Vulnerability
Open-Xchange App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that originates from a connection to an external data source that does not terminate upon timeout...
Devolutions Remote Desktop Manager Security Vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.2.33 and prior versions, which stems from an improper access control issue in the...
The vulnerability in the data_sources.php script of the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability in the datasources.php script of the Cacti network monitoring software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability in the data_sources.php script of the Cacti network monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability in the datasources.php script of the Cacti network monitoring software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
SUSE CVE-2023-39366
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
SUSE CVE-2023-39512
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
SUSE CVE-2023-39516
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
SUSE CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...
DEBIAN-CVE-2023-39516
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
CVE-2023-39516
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...