1047 matches found
CVE-2024-31441 Arbitrary File Reading in DataEase
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...
Apache Superset 安全漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 3.1.2, which can be exploited by an authenticated attacker to access metadata from data sources they are not authorized to vie...
ROS-20240503-18
A vulnerability in the Apache Maven framework is related to the generation of double-quoted strings without proper escaping. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a shell-based attack. shell attacks A vulnerability in the Apache Maven framework is...
ICA Latency in Director shows Cannot retrieve the data
When checking ICA latency for a VDA on an App Layering based image, Director does not show that data. ICA Latency within Director says "Cannot retrieve the data." Hovering over that error message in Director pops up the message: "Data source unresponsive due to a configuration error. View Directo...
OESA-2024-1398 rubygem-tzinfo security update
TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...
ROS-20240410-17
The vulnerability of the ImageBuild function of the Moby containerization software tool is related to a flaw in the data source validation mechanism for endpoint processing. is related to a flaw in the data source validation mechanism for endpoint processing. Exploitation of the vulnerability cou...
The vulnerability of the Grafana monitoring and observation platform lies in the redirection of the URL address to an unreliable website, allowing a hacker to redirect users to any desired website.
The vulnerability of the Grafana monitoring and observation platform relates to bypassing security configurations, if a malicious data source operates on a permitted host. Exploiting this vulnerability could allow a remote attacker to redirect users to an arbitrary website...
CVE-2024-24976
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...
CVE-2024-24976
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...
CVE-2024-24976
A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigge...
PT-2024-20684 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 19.00.0057 Description: A denial of service issue exists in the OAS Engine File Data Source Configuration functionality. It can be triggered by a specially crafted series of network requests,...
Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...
Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...
GO-2024-2661 Arbitrary file read in github.com/grafana/grafana
An authenticated attacker that has privileges to modify the data source configurations can read arbitrary files...
The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series arises from the use of an unreliable data source, allowing a intruder to execute arbitrary code.
The vulnerability of the microprogramming software for UniLogic Studio series UniStream is related to the use of an unreliable data source. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
CVE-2019-19398
creationtimestamp| type| source ---|---|--- 2024-03-17 12:11:21+00:00| seen| https://t.me/ctinow/209880...
CVE-2024-2495
creationtimestamp| type| source ---|---|--- 2024-03-15 14:26:42+00:00| seen| https://t.me/ctinow/208797 2025-08-12 13:33:28+00:00| seen| MISP/02fb130c-7874-4693-9b66-81ed91a2e996 2025-08-21 03:19:29+00:00| seen| MISP/02fb130c-7874-4693-9b66-81ed91a2e996...
Grafana Labs 10.0.x < 10.0.12 / 10.1.x < 10.1.8 / 10.2.x < 10.2.5 / 10.3.x < 10.3.4 / 8.5.x < 9.5.7 (CVE-2024-1442)
The version of Grafana Labs installed on the remote host is prior to 10.0.12, 10.1.8, 10.2.5, 10.3.4, or 9.5.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1442 advisory. - A user with the permissions to create a data source can use Grafana API to create a data...
BIT-GRAFANA-2024-1442 User with permissions to create a data source can CRUD all data sources
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...
Apache Linkis Log Information Disclosure Vulnerability
Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.4.0 and earlier versions have a log information disclosure vulnerability, the vulnerability stems...