306 matches found
CVE-2023-35168
DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...
DataEase Security Vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8 that stems from a lack of...
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
Design/Logic Flaw
DataEase is an open source data visualization and analysis tool. The API interfaces for deleting dashboards and deleting system messages in DataEase are vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-32310 DataEase API interface has IDOR vulnerability
DataEase is an open source data visualization and analysis tool. The API interfaces for deleting dashboards and deleting system messages in DataEase are vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...
Davinci Security Vulnerability
Davinci is an edp open source DVsaaS data visualization service platform. A security vulnerability exists in Davinci version 0.3.0-rc, which originates from the fact that a user can connect to a malicious MySQL server via a controlled data source and read arbitrary files on the client side...
CentOS 8 : grafana (CESA-2023:2784)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:2784 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...
Davinci Code Issue Vulnerability
Davinci is an edp open source DVsaaS data visualization service platform. A security vulnerability exists in Davinci version 0.3.0-rc, which stems from vulnerability to server-side request forgery (SSRF) attacks...
Oracle Linux 9 : grafana (ELSA-2023-2167)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2167 advisory. - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana:...
Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relat...
CVE-2023-28637
DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...
Remote code execution
DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...
CVE-2023-28637 DataEase AWS Redshift data source remote code execution vulnerability
DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...
CVE-2023-28637
CVE-2023-28637 affects DataEase when using the AWS Redshift data source; lack of data sanitization can enable remote code execution. The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5; u...
CVE-2023-28637 DataEase AWS Redshift data source remote code execution vulnerability
DataEase is an open source data visualization analysis tool. In DataEase, users are normally allowed to modify data, and the data sources are expected to properly sanitize data. The AWS Redshift data source does not provide data sanitization, which may lead to remote code execution. This vulnerabili...
CVE-2023-28437
Dataease SQL injection vulnerability (CVE-2023-28437) is caused by missing entries in the keyword blacklist protecting against SQLi. Affects Dataease prior to version 1.18.5; fix released in 1.18.5. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack, LOW complexity, no privileges, no user ...
Unrestricted file upload
Dataease is an open source data visualization and analysis tool. Permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...
CVE-2023-28435 Dataease file upload interface does not verify permission or file type
Dataease is an open source data visualization and analysis tool. Permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...
SAP BusinessObjects Business Intelligence Platform Information Leakage Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. An information disclosure vulnerability exists in SAP BusinessObjects...