316 matches found

CNVD
added 2022/04/15 12:0 a.m., 27 views

Microsoft Power BI Spoofing Vulnerability

Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...

CVSS: 3.7 | AI score: 3.7 | EPSS: 0.00831
Exploits: 0 | References: 1

Fedora
added 2022/03/26 3:48 p.m., 27 views

[SECURITY] Fedora 36 Update: zabbix-5.0.21-1.fc36

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 4.6 | AI score: 4.9 | EPSS: 0.0097
Exploits: 0

Fedora
added 2022/03/22 3:43 a.m., 37 views

[SECURITY] Fedora 35 Update: zabbix-5.0.21-1.fc35

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 4.6 | AI score: 4.9 | EPSS: 0.0097
Exploits: 0

Fedora
added 2022/03/22 3:19 a.m., 30 views

[SECURITY] Fedora 34 Update: zabbix-5.0.21-1.fc34

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 4.6 | AI score: 4.9 | EPSS: 0.0097
Exploits: 0

CNVD
added 2022/02/14 12:0 a.m., 20 views

DataEase Access Control Error Vulnerability

DataEase is an open source data visualization and analysis tool. An access control error vulnerability exists in DataEase, which stems from the fact that the product allows authorized users to access all user information and change administrator passwords. No details of the vulnerability are...

CVSS: 8.8 | AI score: 4.3 | EPSS: 0.00558
Exploits: 1 | References: 1

CNVD
added 2022/02/10 12:0 a.m., 26 views

Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that originates from errors such as configuration during operation of a networked system or product. An attacker could exploit...

CVSS: 6.5 | AI score: 6 | EPSS: 0.8336
Exploits: 0 | References: 1

Kitploit
added 2022/01/25 11:30 a.m., 23 views

FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

AI score: 7.2
Exploits: 0 | References: 8

Fedora
added 2022/01/23 1:44 a.m., 32 views

[SECURITY] Fedora 35 Update: zabbix-5.0.19-1.fc35

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 7.3 | AI score: 5.6 | EPSS: 0.9261
Exploits: 1

Fedora
added 2022/01/23 1:8 a.m., 51 views

[SECURITY] Fedora 34 Update: zabbix-5.0.19-1.fc34

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 7.3 | AI score: 5.6 | EPSS: 0.9261
Exploits: 1

Tenable Nessus
added 2022/01/21 12:0 a.m., 39 views

openSUSE 15 Security Update : grafana (openSUSE-SU-2022:0140-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0140-1 advisory. - Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.9435
Exploits: 1 | References: 7

CNVD
added 2021/12/08 12:0 a.m., 21 views

Grafana Unauthorized Arbitrary File Reading Vulnerability

Grafana is a data visualization web application platform. The Grafana unauthorized arbitrary file reading vulnerability can be exploited by attackers to obtain sensitive information...

AI score: 4.4
Exploits: 0 | References: 1

CNVD
added 2021/11/25 12:0 a.m., 13 views

Redash has an unspecified vulnerability

Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions contain a security vulnerability that could be exploited by an attacker to spoof sessio...

CVSS: 8.1 | AI score: 4.6 | EPSS: 0.79584
Exploits: 1 | References: 1

OSV
added 2021/11/24 4:15 p.m., 8 views

CVE-2021-41192

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

CVSS: 6.5 | AI score: 6.7
Exploits: 0 | References: 3

NVD
added 2021/11/24 4:15 p.m., 9 views

CVE-2021-41192

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

CVSS: 8.1 | EPSS: 0.79584
Exploits: 1 | References: 3

NVD
added 2021/11/24 4:15 p.m., 11 views

CVE-2021-43777

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...

CVSS: 6.8 | EPSS: 0.00102
Exploits: 0 | References: 2

Prion
added 2021/11/24 4:15 p.m., 12 views

Server side request forgery (ssrf)

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS: 6 | AI score: 8.9 | EPSS: 0.00226
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/11/24 4:15 p.m., 20 views

Cross site request forgery (csrf)

Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.00102
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/11/24 4:15 p.m., 18 views

Design/Logic Flaw

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.79584
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/11/23 11:55 p.m., 11 views

CVE-2021-43780 Server-Side Request Forgery (SSRF) in Redash

Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.00226
Exploits: 0 | References: 2

CVE
added 2021/11/23 11:55 p.m., 41 views

CVE-2021-43780

CVE-2021-43780 affects Redash: versions 10.0 and prior with URL-loading data sources (JSON, CSV, Excel) enabled, allowing server-side request forgery (SSRF). The root cause is unsafe URL-loading data sources; impact is exposure via SSRF to potentially internal resources. The recommended fix is up...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00226
Exploits: 0 | References: 2 | Affected Software: 1