141 matches found
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Apache Superset Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...
Apache Superset Unauthorized Access Vulnerability
Apache Superset is a Python language based development of open source fashionable data exploration and analysis and visualization of the reporting platform , support for rich data sources , and has a colorful visualization of the charts to choose from . An unauthorized access vulnerability exists...
CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
EasyImages 安全漏洞
EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A security vulnerability exists in EasyImages version v2.0, which stems from the presence of an arbitrary file download vulnerability that can be exploited by an...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...
Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)
An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...
Information Disclosure
tripleoansible is vulnerable to Information Disclosure. The vulnerability exists due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted which allows an local attacker to use a brute force attack to explore the relevant directory and discover...
[SECURITY] Fedora 36 Update: gron-0.7.1-3.fc36
gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...
[SECURITY] Fedora 36 Update: gron-0.7.1-2.fc36
gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...
Using Python to unearth a goldmine of threat intelligence from leaked chat logs
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...
[SECURITY] Fedora 34 Update: gron-0.6.1-2.fc34
gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...
Friday Squid Blogging: Do Squid Have Emotions?
Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we dont know, but cant rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates dont feel pain and other emotions. "If they can no longer be...
WEKA INTEREST Security Scanner 安全漏洞
WEKA INTEREST Security Scanner is a commonly used software for data exploration by the University of Waikato team in New Zealand. A security vulnerability exists in WEKA INTEREST Security Scanner version 1.8 LAN Viewer, which results in a denial of service when unknown input is used in certain...
Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that originates from errors such as configuration during operation of a networked system or product. An attacker could exploit...
Apache Superset Code Injection Vulnerability
A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...
Apache Superset has an unspecified vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...
aflnet
It is an offensive tool for network protocols. The primary CVE ID is not explicitly stated in the provided context, but the tool is mentioned in a research paper that was accepted for publication at the IEEE International Conference on Software Testing, Verification and Validation ICST 2020. The...
Apache Superset Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...
Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration
Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...