[SECURITY] Fedora 38 Update: redis-7.0.11-1.fc38
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 37 Update: redis-7.0.11-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Server-Side Request Forgery (SSRF)
Apache Superset is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to not sanitizing the URL from which a dataset is imported when using the import dataset feature. This can lead to an SSRF attack, since an authenticated malicious actor can query internal resources on behalf of the...
CVE-2023-25504
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
CVE-2023-25504 Apache Superset: Possible SSRF on import datasets
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
PT-2023-20117 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.0.1 Description: A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature to conduct Server-Side Request Forgery attacks...
Fortinet FortiAnalyzer Input Validation Error Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is mainly used to collect network log data and, through its reporting suite, to analyze and report on the security events, network traffic, Web content, etc. recorded in those logs,...
[SECURITY] Fedora 37 Update: redis-7.0.10-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
CVE-2023-1573
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
Cross site scripting
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
CVE-2023-1573
The CVE-2023-1573 issue affects DataGear up to version 1.11.1, tied to the Graph Dataset Handler. It allows cross-site scripting when processing the component, with remote initiation possible. Exploit information is publicly disclosed. Remediation: upgrade to DataGear 1.12.0 to address the vulner...
CVE-2023-1573 DataGear Graph Dataset cross site scripting
A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public a...
PT-2023-17089 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 1.11.1 Description: A vulnerability was found in the Graph Dataset Handler component, leading to cross-site scripting. The attack can be initiated remotely. The issue affects some unknown processing of this component...
DataGear Cross-Site Scripting Vulnerability
DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A cross-site scripting vulnerability exists in versions of DataGear prior to 1.11.1, which stems from an issue in the Graph Dataset Handler component that can lead to cross-site scripting...
What's Wrong with Manufacturing?
In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also th...
[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 37 Update: redis-7.0.9-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
PT-2023-20446 · Geoserver +1 · Geoserver +1
Name of the Vulnerable Software and Affected Versions: GeoNode versions prior to 4.0.3 Description: GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer, leading to arbitrary file read. The issue arises from the dataset style upload view,...
SUSE CVE-2021-37650
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...