2609 matches found
CVE-2022-41660
A vulnerability has been identified in JT2Go All versions V14.1.0.4, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.7, Teamcenter Visualization V14.0 All versions V14.0.0.3, Teamcenter Visualization V14.1 All versions V14.1.0.4. The...
PT-2022-26012 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.4 Teamcenter Visualization V13.2 versions prior to 13.2.0.12 Teamcenter Visualization V13.3 versions prior to 13.3.0.7 Teamcenter Visualization V14.0 versions prior to 14.0.0.3 Teamcenter Visualization V14.1...
Siemens JT2Go和Teamcenter Visualization 缓冲区错误漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
Siemens JT2Go和Teamcenter 资源管理错误漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
Siemens JT2Go和Teamcenter Visualization 缓冲区错误漏洞
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
PT-2022-26013 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.4 Teamcenter Visualization V13.2 versions prior to 13.2.0.12 Teamcenter Visualization V13.3 versions prior to 13.3.0.7 Teamcenter Visualization V14.0 versions prior to 14.0.0.3 Teamcenter Visualization V14.1...
PT-2022-26014 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.4 Teamcenter Visualization V13.2 versions prior to 13.2.0.12 Teamcenter Visualization V13.3 versions prior to 13.3.0.7 Teamcenter Visualization V14.0 versions prior to 14.0.0.3 Teamcenter Visualization V14.1...
PT-2022-26011 · Siemens · Teamcenter Visualization +1
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 14.1.0.4 Teamcenter Visualization V13.2 versions prior to 13.2.0.12 Teamcenter Visualization V13.3 versions prior to 13.3.0.7 Teamcenter Visualization V14.0 versions prior to 14.0.0.3 Teamcenter Visualization V14.1...
CVE-2022-39362
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...
CVE-2022-39360
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...
CVE-2022-39359
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...
CVE-2022-39358
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
Default credentials
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on SSO users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions...
Design/Logic Flaw
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...
Design/Logic Flaw
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
CVE-2022-39359 Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...
CVE-2022-39358 Metabase vulnerable to circumvention of Locked parameter in Signed Embedding
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in...
CVE-2022-39361
Metabase (data visualization platform) contains a CVE-2022-39361 affecting H2 (Sample Database) prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, enabling Remote Code Execution when a user can write SQL queries against H2. The issue is mitigated by disallowing ...
CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...
CVE-2022-39362
Metabase is affected by CVE-2022-39362 due to unsafely auto-executing unsaved/native SQL queries in certain older releases. Affected versions include 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 (prior to patch). The underlying issue allowed native queries to be executed aut...