334 matches found
CVE-2024-48540
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file...
NuGet Package 'Microsoft.Data.Analysis' Detection
A 'Microsoft.Data.Analysis' NuGet package with a Verified package status is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Weights & Biases Weave Detection
A Weights & Biases Weave Python library is installed on the remote host. Note that Nessus has relied on the application's self-reported version number...
CVE-2024-42351
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy and...
CVE-2024-42351
CVE-2024-42351 affects the Galaxy open‑source data analysis platform, where an attacker can potentially replace contents of public datasets, causing data loss or tampering. Affected versions are Galaxy releases prior to 21.05; patches have been applied in all supported branches back to release_21...
CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon edit operation. All...
How to Investigate ChatGPT activity in Google Workspace
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see...
Identifier Withdrawn
Pandas is an open source data analysis and processing tool from NumFOCUS based on the Python language. This CVE number has been withdrawn...
Siemens Location Intelligence Weak Password Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a weak password vulnerability that can be exploited by attackers to conduct...
Splunk Enterprise Command Injection Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines and cloud). Splunk...
Splunk Enterprise Information Disclosure Vulnerability (CNVD-2024-34261)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines and cloud). Splunk...
The Emerging Role of AI in Open-Source Intelligence
Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the "INT of first resort". Public and private sector organizations are realizing the value that the discipline can provide but are also finding tha...
Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence
By Joao Marques, John Fokker and Leandro Velasco · July 3, 2024. In a significant global effort to combat cybercrime, law enforcement agencies from around the world have joined forces to...
CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
The vulnerability of the Hazelcast data analysis platform, related to permission processing errors, allows attackers to perform arbitrary actions.
The vulnerability of the Hazelcast data analysis platform is related to permission processing errors. Exploiting this vulnerability allows a remote attacker to perform arbitrary actions...
Enhancing Velociraptor with the Cado Security Platform
By: Nicholas Handy, Director of Technical Alliances & Partnerships at Cado Security. Velociraptor is a robust open-source tool designed for collecting and querying forensic and incident response artifacts across various endpoints. This powerful tool allows incident responders to effortlessly gathe...
Siemens (China) Ltd. WinCC suffers from Denial of Service Vulnerability (CNVD-C-2024-309044)
WinCC is a SCADA system for a wide range of industries that allows you to access devices, extract smart data, analyze data and report on it from your mobile device. A denial of service vulnerability exists in Siemens (China) Ltd. WinCC, which can be exploited by attackers to cause a denial of service...
CVE-2024-31601
An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component...
CVE-2024-31601
CVE-2024-31601 affects Beijing Panabit Network Software Co., Ltd. Panalog big data analysis platform (version 20240323 and earlier). The issue allows attackers to execute arbitrary code via the exportpdf.php component, with a CVSSv3.1 base score of 9.8 (Network, High impact on confidentiality, in...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)
Apache Zeppelin is a web-based open-source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to execute a...