CVE-2024-23328 The Dataease datasource exists deserialization and arbitrary file read vulnerability

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

CVE-2024-23328 The Dataease datasource exists deserialization and arbitrary file read vulnerability

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java. The...

CVE-2023-5384

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials JDBC store with connection pooling, remote store, the credentials are returned in clear text as part of the configuration. Mitigation The issue's impact is limited because...

cloud-init security, bug fix, and enhancement update

23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permission Orabug: 35302969 - Update detection logic for OL distros in config template Orabug: 34845400 - Adde...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.9), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.9) +1 more potentially affected by CVE-2023-40771 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.9)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.9 Source cves: CVE-2023-40771 Source advisory: OSV:GHSA-8RV7-G772-PP3J...

A Bootiful Podcast: Tadaya Tsuyukubo, creator of R2DBC Proxy, DataSource Proxy, and more

HI, Spring fans! In this installment Josh Long talks to R2DBC Proxy creator Tadaya Tsuyukubo, @ttddyy, creator of R2DBC Proxy and others...

CVE-2023-38699 MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...

org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=1.5.0 <=4.0.0-alpha) +23 more potentially affected by CVE-2022-24697 via org.apache.kylin:kylin-core-common (>=1.5.0 <=4.0.0-alpha)

org.apache.kylin:kylin-core-common MAVEN version =1.5.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =2.3.2, =1.5.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2022-24697 Source advisory:...

MAL-2023-215 Malicious code in criteo-static-variables-datasource (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 65ae832c9a084b0c39c57bf3bb68ff1877e5f1370b9c29e564368e0a2d224d9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2017-6737

creationtimestamp| type| source ---|---|--- 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24 20:27:41+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971329 2025-02-23 02:10:16+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2026-02-02...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.6), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.6) +1 more potentially affected by CVE-2023-32310 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.6)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.6 Source cves: CVE-2023-32310 Source advisory: OSV:GHSA-7HV6-GV38-78WJ...

Deserialization of untrusted data

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

PT-2023-24604 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7 Description: A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The issue has been fixed in version 1.18.7. There are no known workarounds asi...

RESTEasy: creation of insecure temp files

In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...

SUSE CVE-2009-0580

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...

SUSE CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...

SUSE CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

SUSE CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource...

CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...