316 matches found

CVE
added 2021/11/23 11:50 p.m., 81 views

CVE-2021-41192

Redash CVE-2021-41192 affects Redash versions 10.0.0 and earlier when admins do not explicitly set REDASH_COOKIE_SECRET and REDASH_SECRET_KEY. A default secret is used that is the same across installations, enabling session forgery by attackers who know the default value (c292a0a3aa32397cdb050e23...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.79584
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2021/11/23 11:30 p.m., 40 views

CVE-2021-43777

Redash 10.0 and earlier are affected by CVE-2021-43777 due to improper use of the OAuth state parameter in Google Login, where the state is used to pass the next URL instead of a CSRF nonce. The issue does not affect non-Google-Login users. A patch in the master and release/10.x.x branches replac...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.00102
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2021/11/21 12:0 a.m., 23 views

Apache Superset Code Injection Vulnerability

A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...

CVSS: 6.5 | AI score: 4.3 | EPSS: 0.00407
Exploits: 0 | References: 1

Microsoft Secure
added 2021/11/19 7:30 p.m., 21 views

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

AI score: 6.3
Exploits: 0

CNVD
added 2021/11/16 12:0 a.m., 28 views

Apache Superset has an unspecified vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00234
Exploits: 0 | References: 1

CNVD
added 2021/10/19 12:0 a.m., 14 views

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

CVSS: 3.5 | AI score: 2.7 | EPSS: 0.01309
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2021/10/13 12:0 a.m., 28 views

Oracle Linux 8 : grafana (ELSA-2021-3771)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-3771 advisory. - resolve CVE-2021-39226 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.9435
Exploits: 1 | References: 2

NVD
added 2021/10/05 6:15 p.m., 20 views

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVSS: 9.8 | EPSS: 0.9435
Exploits: 1 | References: 9

AlpineLinux
added 2021/10/05 6:15 p.m., 46 views

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVSS: 9.8 | AI score: 3.8 | EPSS: 0.9435
Exploits: 1

Prion
added 2021/10/05 6:15 p.m., 33 views

Design/Logic Flaw

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVSS: 6.8 | AI score: 7 | EPSS: 0.9435
Exploits: 1 | References: 8 | Affected Software: 2

CVE
added 2021/10/05 5:30 p.m., 1046 views

CVE-2021-39226

Grafana CVE-2021-39226 describes a snapshot authentication bypass that allows viewing and deleting the lowest-key snapshot via literal paths. Affected: Grafana snapshot feature (unauthenticated and authenticated users can access /dashboard/snapshot/:key and /api/snapshots/:key to view the lowest-...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.9435
In wild | Exploits: 1 | References: 9 | Affected Software: 1

Cvelist
added 2021/10/05 5:30 p.m., 172 views

CVE-2021-39226 Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.9435
Exploits: 1 | References: 8

CNVD
added 2021/08/16 12:0 a.m., 36 views

Nagios XI file inclusion vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...

CVSS: 5 | AI score: 2.7 | EPSS: 0.11694
Exploits: 0 | Affected Software: 1

Talos Blog
added 2021/02/18 7:50 a.m., 13 views

Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their...

AI score: 2.8
Exploits: 0

Imperva Blog
added 2021/01/12 1:47 p.m., 122 views

Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration

Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...

AI score: 0.5
Exploits: 0

Akamai Blog
added 2020/12/07 2:0 p.m., 84 views

Add Security Events to Your Monitoring Tools

Real-time monitoring is important in every organization because it enables stakeholders to understand what is happening at any given time and react quickly. There are a lot of systems and devices we can and should monitor using tools such as application performance monitoring, digital performance...

AI score: 0.4
Exploits: 0

CNVD
added 2020/10/22 12:0 a.m., 3 views

lightning-server cross-site scripting vulnerability

lightning-server is a personal developer npm library for data visualization applications. The library provides API-based access to reproducible Web-based interactive visualizations. A security vulnerability exists in all versions of lightning-server, which can be exploited by an attacker to inje...

CVSS: 6.3 | AI score: 7 | EPSS: 0.00437
Exploits: 1 | References: 1

Fedora
added 2020/07/30 5:53 p.m., 28 views

[SECURITY] Fedora 32 Update: zabbix-4.0.22-1.fc32

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.05067
Exploits: 2

Fedora
added 2020/07/28 3:3 p.m., 24 views

[SECURITY] Fedora 31 Update: zabbix-4.0.22-1.fc31

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

CVSS: 6.1 | AI score: 1.5 | EPSS: 0.05067
Exploits: 2

The Hacker News
added 2020/07/27 8:35 a.m., 55 views

Learn Machine Learning and AI – Online Training Program @ 93% OFF

Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...

AI score: 1.1
Exploits: 0