CVE-2024-31441 Arbitrary File Reading in DataEase

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...

CVE-2024-31441 Arbitrary File Reading in DataEase

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...

CVE-2024-4340 vulnerabilities

Vulnerabilities for packages: py3-sqlparse, kubeflow-pipelines-visualization-server...

Oracle Business Intelligence Enterprise Edition (OAS 7.0) (April 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Data Visualization. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Data Visualization. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

PT-2024-4904 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue exists due to insufficient input validation in the Data Visualization component of Oracle Business Intelligence Enterprise Edition. This allows a remote...

GHSA-2M57-HF25-PHGG vulnerabilities

Vulnerabilities for packages: py3-sqlparse, kubeflow-pipelines-visualization-server...

GHSA-2M57-HF25-PHGG vulnerabilities

Vulnerabilities for packages: py3-sqlparse, kubeflow-pipelines-visualization-server...

CVE-2024-26275

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

CVE-2024-26276

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

CVE-2024-26277

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

CVE-2024-26276

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

CVE-2024-26275

A vulnerability has been identified in JT2Go All versions V2312.0004, Parasolid V35.1 All versions V35.1.254, Parasolid V36.0 All versions V36.0.207, Parasolid V36.1 All versions V36.1.147, Teamcenter Visualization V14.2 All versions V14.2.0.12, Teamcenter Visualization V14.3 All versions...

PT-2024-2988 · Siemens · Teamcenter Visualization +2

Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V2312.0004 Parasolid V35.1 versions prior to V35.1.254 Parasolid V36.0 versions prior to V36.0.207 Parasolid V36.1 versions prior to V36.1.147 Teamcenter Visualization V14.2 versions prior to V14.2.0.12 Teamcenter...

PT-2024-2979 · Siemens · Teamcenter Visualization +2

Name of the Vulnerable Software and Affected Versions: Parasolid V35.1 versions prior to V35.1.254 Parasolid V36.0 versions prior to V36.0.207 Parasolid V36.1 versions prior to V36.1.147 JT2Go versions prior to V2312.0004 Teamcenter Visualization V14.2 versions prior to V14.2.0.12 Teamcenter...

PT-2024-2997 · Siemens · Teamcenter Visualization +2

Name of the Vulnerable Software and Affected Versions: Parasolid versions prior to V35.1.254 Parasolid versions prior to V36.0.207 Parasolid versions prior to V36.1.147 JT2Go versions prior to V2312.0004 Teamcenter Visualization versions prior to V14.2.0.12 Teamcenter Visualization versions prior...

CVE-2024-30269

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. The vulnerability has...

CVE-2024-30269

Summary: DataEase before version 2.5.0 is vulnerable to a database configuration information exposure via the endpoint /de2api/engine/getEngine;.js. This path returns the platform’s database configuration, enabling disclosure of sensitive information. Affected versions: prior to 2.5.0 (e.g., up t...

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...