CVE-2023-37257

CVE-2023-37257 is a stored cross-site scripting vulnerability in DataEase prior to version 1.18.9, affecting the DataEase panel and dataset. The root cause is a stored XSS condition in the panel/dataset that could be triggered by user input or data rendering, as documented by multiple sources. Th...

CVE-2023-22060

Oracle Hyperion Workspace (UI and Visualization) is affected by CVE-2023-22060 in version 11.2.13.0.000. The flaw is an insecure privilege management issue that allows a low-privileged attacker with network access via HTTP to compromise Workspace. Attacks require user interaction and can lead to ...

PT-2023-4024 · Oracle · Oracle Hyperion Workspace

Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Workspace version 11.2.13.0.000 Description: The issue is related to insecure privilege management in the UI and Visualization component of Oracle Hyperion Workspace. It allows a low-privileged attacker with network access via...

ZeusCloud - Open Source Cloud Security

ZeusCloud is an open source cloud security platform. Discover, prioritize, and remediate your risks in the cloud. Build an asset inventory of your AWS accounts. Discover attack paths based on public exposure, IAM, vulnerabilities, and more. Prioritize findings with graphical context. Remediate...

Meet unprecedented security challenges by leveraging MXDR services

We know customers of every size face ever-increasing security risks. In just the last 12 months the speed of attackers leveraging breaches is also increasing, as it only takes 72 minutes on average for an attacker to access private data from the time a user falls victim to a phishing email.1 Data...

OPENSUSE-SU-2023:0166-1 Security update for virtualbox

This update for virtualbox fixes the following issues: - Fix Vagrant/virtualbox startup problems boo1209727 - VirtualBox 7.0.8 released April 18 2023 This is a maintenance release. The following items were fixed and/or added: - VMM: Introduced general improvements in nested visualization area -...

CVE-2023-35164

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

Authorization

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

CVE-2023-35164

CVE-2023-35164 (DataEase) involves a missing authorization check in DataEase prior to version 1.18.8, allowing unauthorized users to manipulate dashboards created by an administrator. The issue affects versions before 1.18.8; the vulnerability is fixed in 1.18.8. In-scope impact is partial on int...

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

CVE-2023-34463

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

Design/Logic Flaw

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

CVE-2023-34463 Unauthorized users can delete applications in DataEase

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

CVE-2023-34463

DataEase contains a vulnerability (CVE-2023-34463) where unauthorized users can delete an application. Affected product: DataEase, with fixes implemented in version 1.18.8. Public references in multiple sources confirm the issue and upgrade as the advised remediation. Impact details describe unau...

CVE-2023-35168

DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8, which stems from the possibility th...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.8 that stems from a lack of...

CISA Releases Fourteen Industrial Control Systems Advisories

CISA released fourteen Industrial Control Systems ICS advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA...

Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data.Teamcenter Visualization software is able to enhance its Product Lifecycle Management PLM environments with a comprehensive range of visualization solutions. PLM environme...