Apache Superset Security Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...
CVE-2024-23328
CVE-2024-23328 concerns DataEase, an open-source data visualization/analysis tool. The vulnerability resides in the DataEase datasource implementation, specifically in the Java file Mysql.java, where unsafe deserialization can be triggered through bypassable blacklist checks on MySQL JDBC paramet...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2024-06442)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 3.0.3, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can ...
Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...
Apache Superset Elevation of Privilege Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain write access to all gauges in a dashboard via the Add Gauge function of Create...
DRUPAL-CONTRIB-2023-055
This module allows you to turn various data sources (e.g. a CSV or JSON file) into interactive visualisations. The DVF module provides a field storage, widget & formatter that can be added to any entity. This module uses two third-party JS libraries that have low to medium vulnerabilities. One of the...
Arbitrary File Read Vulnerability in Damon Qizi Conference Data Visualization System (DMQZDV Experience Edition) of Wuhan Damon Database Co.
Damon Qizi Big Data Visualization System is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizi Big Data Visualization System DMQZDV Experience Edition of Wuhan Damon Database Co...
Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...
Apache Superset Information Disclosure Vulnerability (CNVD-2024-0681549)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 2.1.2, which can be exploited by an authenticated attacker to read configured CSS templates and comments...
Apache Superset Information Disclosure Vulnerability (CNVD-2023-9666229)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 3.0.0, which stems from the application's inadequate protection of sensitive information and can be exploited b...
File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.
Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...
Why Cool Dashboards Don’t Equal Effective Security Analytics
Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in today’s cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they don’t know how to make sense of it. To add...
Apache Superset Information Disclosure Vulnerability (CNVD-2023-70276)
Apache Superset is an open source data visualization tool based on Python. A security vulnerability in the Apache Superset stack trace error handling can be exploited by a remote attacker to submit a special request that can obtain sensitive information...
Apache Superset Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...
Apache Superset Code Execution Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A code execution vulnerability exists in Apache Superset version 2.1.0 and earlier, which can be exploited by an attacker to remotely execute code on a Web backend...
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset version 2.1.0 and prior versions, which can be exploited by an attacker to incorrectly create resources using the Import Chart feature...
CVE-2023-39512
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti accounts an...