Lucene search
+L

141 matches found

CNVD
CNVD
added 2023/09/11 12:0 a.m.45 views

Apache Superset REST API Authorization Issues Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...

5.4CVSS6.8AI score0.00806EPSS
Exploits0References1
CNVD
CNVD
added 2023/09/11 12:0 a.m.30 views

Apache Superset Authorization Issues Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...

4.3CVSS6.7AI score0.0074EPSS
Exploits0References1
CNVD
CNVD
added 2023/09/08 12:0 a.m.32 views

Apache Superset Unauthorized Access Vulnerability

Apache Superset is a Python language based development of open source fashionable data exploration and analysis and visualization of the reporting platform , support for rich data sources , and has a colorful visualization of the charts to choose from . An unauthorized access vulnerability exists...

5CVSS6.4AI score0.00726EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/25 12:18 a.m.12 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS6.9AI score0.00464EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.6 views

EasyImages 安全漏洞

EasyImages is a thin wrapper on PIL by Jakub Cieslik individual developer. It is used for exploring, visualizing and sharing images. A security vulnerability exists in EasyImages version v2.0, which stems from the presence of an arbitrary file download vulnerability that can be exploited by an...

7.5CVSS7.5AI score0.00759EPSS
Exploits1References2
CNVD
CNVD
added 2023/01/18 12:0 a.m.23 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...

5.4CVSS3.1AI score0.0124EPSS
Exploits0References1
CNVD
CNVD
added 2023/01/18 12:0 a.m.30 views

Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)

An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...

5.3CVSS4.5AI score0.01229EPSS
Exploits0References1
Veracode
Veracode
added 2022/11/10 12:13 a.m.27 views

Information Disclosure

tripleoansible is vulnerable to Information Disclosure. The vulnerability exists due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted which allows an local attacker to use a brute force attack to explore the relevant directory and discover...

5.5CVSS5.1AI score0.00201EPSS
Exploits0References3Affected Software2
Fedora
Fedora
added 2022/07/31 1:37 a.m.20 views

[SECURITY] Fedora 36 Update: gron-0.7.1-3.fc36

gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...

1.2AI score
Exploits0
Fedora
Fedora
added 2022/07/13 2:0 a.m.29 views

[SECURITY] Fedora 36 Update: gron-0.7.1-2.fc36

gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...

9.3CVSS1.2AI score0.0995EPSS
Exploits4
Microsoft Secure
Microsoft Secure
added 2022/06/01 6:0 p.m.20 views

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...

6.9AI score
Exploits0
Fedora
Fedora
added 2022/05/28 1:32 a.m.44 views

[SECURITY] Fedora 34 Update: gron-0.6.1-2.fc34

gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON...

7.5CVSS1.2AI score0.04195EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2022/04/08 9:12 p.m.16 views

Friday Squid Blogging: Do Squid Have Emotions?

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we dont know, but cant rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates dont feel pain and other emotions. "If they can no longer be...

0.9AI score
Exploits0
CNNVD
CNNVD
added 2022/03/28 12:0 a.m.5 views

WEKA INTEREST Security Scanner 安全漏洞

WEKA INTEREST Security Scanner is a commonly used software for data exploration by the University of Waikato team in New Zealand. A security vulnerability exists in WEKA INTEREST Security Scanner version 1.8 LAN Viewer, which results in a denial of service when unknown input is used in certain...

5.5CVSS5.7AI score0.00252EPSS
Exploits0References4
CNVD
CNVD
added 2022/02/10 12:0 a.m.27 views

Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that originates from errors such as configuration during operation of a networked system or product. An attacker could exploit...

6.5CVSS6AI score0.07863EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/21 12:0 a.m.24 views

Apache Superset Code Injection Vulnerability

A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...

6.5CVSS4.3AI score0.01761EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/16 12:0 a.m.28 views

Apache Superset has an unspecified vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...

6.5CVSS5.5AI score0.01449EPSS
Exploits0References1
Gitee
Gitee
added 2021/10/23 11:46 p.m.5 views

aflnet

It is an offensive tool for network protocols. The primary CVE ID is not explicitly stated in the provided context, but the tool is mentioned in a research paper that was accepted for publication at the IEEE International Conference on Software Testing, Verification and Validation ICST 2020. The...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/10/19 12:0 a.m.17 views

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

3.5CVSS2.7AI score0.01602EPSS
Exploits0Affected Software1
Imperva Blog
Imperva Blog
added 2021/01/12 1:47 p.m.124 views

Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration

Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...

0.5AI score
Exploits0
Rows per page
Query Builder