
317 matches found

BDU FSTEC
added 2024/07/19 12:00 a.m. · 3 views

The vulnerability of the Data Visualization component of the Oracle Business Intelligence Enterprise Edition software platform allows attackers to disclose protected information.

The vulnerability of the Data Visualization component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

4.3 CVSS · 7.1 AI score · 0.00392 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2024/07/17 12:00 a.m. · 9 views

Apache Superset SQL Injection Vulnerability (CNVD-2024-35190)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...

9.8 CVSS · 7.2 AI score · 0.04433 EPSS
Exploits 2 · References 1
OSSF Malicious Packages
added 2024/06/25 1:29 p.m. · 4 views

Malicious code in HIC.System.Windows.Forms.DataVisualization.Net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2024/06/25 1:29 p.m. · 7 views

MAL-2024-4508 Malicious code in HIC.System.Windows.Forms.DataVisualization.Net (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits 0
Fedora
added 2024/06/05 1:41 a.m. · 14 views

[SECURITY] Fedora 40 Update: qt5-qtdatavis3d-5.15.14-1.fc40

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

9.8 CVSS · 6.6 AI score · 0.0097 EPSS
Exploits 0
Fedora
added 2024/05/29 3:37 a.m. · 17 views

[SECURITY] Fedora 40 Update: qt6-qtdatavis3d-6.7.1-1.fc40

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

9.8 CVSS · 6.6 AI score · 0.0097 EPSS
Exploits 0
CNNVD
added 2024/05/14 12:00 a.m. · 3 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions before v1.18.19; the vulnerability stems from ClickHous...

7.5 CVSS · 6.9 AI score · 0.00551 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/05/10 2:43 p.m. · 28 views

CVE-2024-31441 Arbitrary File Reading in DataEase

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...

7.5 CVSS · 7 AI score · 0.00551 EPSS
Exploits 1 · References 1
Cvelist
added 2024/05/10 2:43 p.m. · 27 views

CVE-2024-31441 Arbitrary File Reading in DataEase

DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...

7.5 CVSS · 7.8 AI score · 0.00551 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2024/04/19 12:00 a.m. · 38 views

Oracle Business Intelligence Enterprise Edition (OAS 7.0) (April 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...

8.1 CVSS · 6.7 AI score · 0.02577 EPSS
Exploits 0 · References 9
OSV
added 2024/04/16 10:15 p.m. · 4 views

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Data Visualization. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

4.3 CVSS · 7.1 AI score · 0.00392 EPSS
Exploits 0 · References 1
NVD
added 2024/04/16 10:15 p.m. · 22 views

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Data Visualization. The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

4.3 CVSS · 4 AI score · 0.00392 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/16 12:00 a.m. · 2 views

PT-2024-4904 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue exists due to insufficient input validation in the Data Visualization component of Oracle Business Intelligence Enterprise Edition. This allows a remote...

4.3 CVSS · 6.7 AI score · 0.00392 EPSS
Exploits 0 · References 6
CVE
added 2024/04/08 2:19 p.m. · 87 views

CVE-2024-30269

Summary: DataEase before version 2.5.0 is vulnerable to a database configuration information exposure via the endpoint /de2api/engine/getEngine;.js. This path returns the platform’s database configuration, enabling disclosure of sensitive information. Affected versions: prior to 2.5.0 (e.g., up t...

5.3 CVSS · 5.1 AI score · 0.16 EPSS
In wild · Exploits 2 · References 2 · Affected Software 1
Talos
added 2024/04/03 12:00 a.m. · 39 views

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

4.9 CVSS · 5.5 AI score · 0.00662 EPSS
Exploits 1
Cvelist
added 2024/03/29 3:00 p.m. · 18 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

8.8 CVSS · 8.9 AI score · 0.00783 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/03/29 3:00 p.m. · 7 views

CVE-2024-29890 Remote code execution in datalens-ui

DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem w...

8.8 CVSS · 7.1 AI score · 0.00783 EPSS
Exploits 0 · References 1
CVE
added 2024/03/29 3:00 p.m. · 87 views

CVE-2024-29890

CVE-2024-29890 affects DataLens/DataLens UI components, with a vulnerability in datalens-ui prior to version 0.1449.0. A specially crafted request can create a chart type that passes custom JavaScript, which then executes in an unprotected sandbox on subsequent chart requests. The issue has a kno...

8.8 CVSS · 8.8 AI score · 0.00783 EPSS
Exploits 0 · References 1
CNVD
added 2024/03/21 12:00 a.m. · 21 views

Apache Superset Resource Management Error Vulnerability (CNVD-2024-14775)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A resource management error vulnerability exists in Apache Superset versions 2.1.2 and earlier, 3.0.0, and 3.0.1, which stems from uncontrolled resource consumption by the application, and can be...

6.5 CVSS · 6.8 AI score · 0.01699 EPSS
Exploits 0 · References 1
CNVD
added 2024/03/20 12:00 a.m. · 2 views

SQL Injection Vulnerability in Damon Qizhi Big Data Visualization System of Wuhan Damon Database Co.

Founded in 2000, Wuhan Damon Database Co., Ltd. is a leading database product development service provider in China. A SQL injection vulnerability exists in Wuhan Damon Database Co., Ltd's Damon Qizhi Big Data Visualization System, which can be exploited by attackers to obtain sensitive database...

7.8 AI score
Exploits 0