CVE-2021-43780

CVE-2021-43780 affects Redash: versions 10.0 and prior with URL-loading data sources (JSON, CSV, Excel) enabled, allowing server-side request forgery (SSRF). The root cause is unsafe URL-loading data sources; impact is exposure via SSRF to potentially internal resources. The recommended fix is up...

CVE-2021-41192

Redash CVE-2021-41192 affects Redash versions 10.0.0 and earlier when admins do not explicitly set REDASH_COOKIE_SECRET and REDASH_SECRET_KEY. A default secret is used that is the same across installations, enabling session forgery by attackers who know the default value (c292a0a3aa32397cdb050e23...

CVE-2021-43777

Redash 10.0 and earlier are affected by CVE-2021-43777 due to improper use of the OAuth state parameter in Google Login, where the state is used to pass the next URL instead of a CSRF nonce. The issue does not affect non-Google-Login users. A patch in the master and release/10.x.x branches replac...

Apache Superset Code Injection Vulnerability

A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

Join us at InfoSec Jupyterthon 2021

We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

OSIsoft PI Vision 安全漏洞

Osisoft OSIsoft PI Vision is a suite of visualization tools from OSIsoft Osisoft USA that supports accessing PI System data from mobile devices, and it supports self-configuration of trends, images, data values, etc. in order to present data information. A security vulnerability exists in OSIsoft...

Apache Superset has an unspecified vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

An out-of-bounds write vulnerability exists in Siemens Teamcenter Visualization, which provides team collaboration capabilities for designing 2D and 3D scenes, and can be exploited by attackers to execute code in the context of the current process...

PT-2021-22878 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions prior to V9.1 SP1 SIMATIC PCS 7 version V8.2 SIMATIC PCS 7 version V9.0 through V9.0 SP3 UC03 SIMATIC WinCC versions prior to V15 SP1 Update 7 SIMATIC WinCC versions prior to V16 Update 5 SIMATIC WinCC versions prior to...

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

Oracle Linux 8 : grafana (ELSA-2021-3771)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-3771 advisory. - resolve CVE-2021-39226 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

Have You Checked the New Kubernetes RBAC Swiss Army Knife?

Kubernetes Role-Based Access Control RBAC is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamicall...

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

Design/Logic Flaw

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

CVE-2021-39226

Grafana CVE-2021-39226 describes a snapshot authentication bypass that allows viewing and deleting the lowest-key snapshot via literal paths. Affected: Grafana snapshot feature (unauthenticated and authenticated users can access /dashboard/snapshot/:key and /api/snapshots/:key to view the lowest-...

CVE-2021-39226 Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

Huawei EulerOS: Security Advisory for graphviz (EulerOS-SA-2021-2375)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...