CVE-2022-31130

CVE-2022-31130 affects Grafana: older Grafana releases expose authentication tokens via destination plugins, impacting data source and plugin proxy endpoints. Specifically, versions prior to 9.1.8 and 8.5.14 can leak a user’s Grafana token to a destination plugin under certain conditions; a patch...

CVE-2022-31123 Grafana plugin signature bypass vulnerability

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are...

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

[SECURITY] Fedora 37 Update: zabbix-6.0.8-1.fc37

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

Format string

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user...

CVE-2022-34838 ABB Ability TM Operations Data Management Zenon Zenon Log Server file access control

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user...

PT-2022-22387 · Abb · Abb Zenon

Name of the Vulnerable Software and Affected Versions: ABB Zenon version 8.20 Description: The issue allows an attacker to add or alter data points and corresponding attributes. Once such engineering data is used, the data visualization will be altered for the end user. Recommendations: For ABB...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase v1.11.1 There is a security vulnerability , the vulnerability stems from the plug-in...

Apache Superset Access Control Error Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an Access Control Error vulnerability that stems from improper access restrictions. A remote attacker could exploit the vulnerability to bypass implemented security...

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...

GHSA-Q7V2-W38R-PV7V phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations 1 TRUNCATE or 2 DROP link for a crafted table name, 3 the Add Trigger popup within a Triggers page that references...

phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations 1 TRUNCATE or 2 DROP link for a crafted table name, 3 the Add Trigger popup within a Triggers page that references...

Microsoft Power BI Spoofing Vulnerability

Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...

[SECURITY] Fedora 36 Update: zabbix-5.0.21-1.fc36

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

[SECURITY] Fedora 35 Update: zabbix-5.0.21-1.fc35

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

[SECURITY] Fedora 34 Update: zabbix-5.0.21-1.fc34

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

DataEase Access Control Error Vulnerability

DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...

Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that originates from errors such as configuration during operation of a networked system or product. An attacker could exploit...

FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

[SECURITY] Fedora 35 Update: zabbix-5.0.19-1.fc35

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...