CVE-2023-26486

A flaw was found in one of Kibana’s dependencies. This flaw allows an attacker to perform Cross-site scripting XSS after loading a maliciously crafted custom visualization in Kibana...

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 CVSS score: 8.9, impacts versions up to and including 2.0.1 and relat...

Apache DolphinScheduler Authorization Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...

CVE-2023-1617

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

Authentication flaw

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

CVE-2023-1617 Improper Authentication Mechanism in B&R VC4 Visualization

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

CVE-2023-1617 Improper Authentication Mechanism in B&R VC4 Visualization

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

Siemens Teamcenter Visualization 安全漏洞

Siemens Teamcenter Visualization is the German Siemens Siemens company's a can be designed for 2D, 3D scenes to provide teamwork function of the software. Siemens Teamcenter Visualization suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted...

B&R Industrial Automation B&R VC4 授权问题漏洞

B&R Industrial Automation B&R VC4 is a visualization system from B&R Industrial Automation, Austria. It can be used to create line displays or to control integrated or remote XGA displays with keys and/or touch screens. A security vulnerability exists in the B&R Industrial Automation B&R VC4 that...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Augment Security Asset Tagging with Custom Assessment and Remediation (CAR)

Security asset tagging provides a flexible and scalable way to organize the assets in your environment based on specific requirements. It enables you to create tags and assign them to your assets, which can improve your cybersecurity maturity and reduce risks for breaches and audit failures. Qual...

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

Remote code execution

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVE-2023-28637

CVE-2023-28637 affects DataEase when using the AWS Redshift data source ; lack of data sanitization can enable remote code execution . The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5 ; u...

CVE-2023-28437

Dataease SQL injection vulnerability (CVE-2023-28437) is caused by a missing entries in the keyword blacklist protecting against SQLi. Affects Dataease prior to version 1.18.5; fix released in 1.18.5. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack, LOW complexity, no privileges, no user ...

Unrestricted file upload

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has bee...

CVE-2023-28435 Dataease file upload interface does not verify permission or file type

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has bee...

CVE-2023-27578 Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check

Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...