2715 matches found

Tenable Nessus
added 2023/05/15 12:0 a.m., 38 views

Oracle Linux 9 : grafana (ELSA-2023-2167)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2167 advisory. - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana:...

7.5 CVSS, 7.2 AI score, 0.02513 EPSS
Exploits: 1, References: 6
Fedora
added 2023/05/11 1:53 a.m., 28 views

[SECURITY] Fedora 37 Update: vtk-9.1.0-18.fc37

VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms e.g., surface reconstruction, implicit modeling, decimation and rendering techniques e.g., hardware-accelerated volume rendering, LOD control. NOTE: T...

7.5 CVSS, 7.4 AI score, 0.01066 EPSS
Exploits: 1
RedhatCVE
added 2023/05/04 9:51 a.m., 18 views

CVE-2023-26486

A flaw was found in one of Kibana’s dependencies. This flaw allows an attacker to perform cross-site scripting (XSS) after loading a maliciously crafted custom visualization in Kibana...

6.1 CVSS, 5.6 AI score, 0.00775 EPSS
Exploits: 1, References: 4
The Hacker News
added 2023/04/26 9:29 a.m., 64 views

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relat...

6.7 AI score, 0.97405 EPSS
Exploits: 20
CNVD
added 2023/04/23 12:0 a.m., 26 views

Apache DolphinScheduler Authorization Issues Vulnerability

Apache DolphinScheduler is a distributed, DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. Apache DolphinScheduler has an authorization vulnerability that stems from incorrect authentication, which can ...

4.3 CVSS, 6.7 AI score, 0.01127 EPSS
Exploits: 0, References: 1
OSV
added 2023/04/14 12:15 p.m., 3 views

CVE-2023-1617

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

9.8 CVSS, 7.3 AI score, 0.00719 EPSS
Exploits: 0, References: 1
Prion
added 2023/04/14 12:15 p.m., 11 views

Authentication flaw

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

7.5 CVSS, 9.7 AI score, 0.00719 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/04/14 11:48 a.m., 21 views

CVE-2023-1617 Improper Authentication Mechanism in B&R VC4 Visualization

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

9.8 CVSS, 9.9 AI score, 0.00719 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/04/14 11:48 a.m., 7 views

CVE-2023-1617 Improper Authentication Mechanism in B&R VC4 Visualization

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

9.8 CVSS, 9.8 AI score, 0.00719 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/04/14 12:0 a.m., 5 views

B&R Industrial Automation B&R VC4 Authorization Issue Vulnerability

B&R Industrial Automation B&R VC4 is a visualization system from B&R Industrial Automation, Austria. It can be used to create line displays or to control integrated or remote XGA displays with keys and/or touch screens. A security vulnerability exists in the B&R Industrial Automation B&R VC4 that...

9.8 CVSS, 8.4 AI score, 0.00719 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/04/14 12:0 a.m., 3 views

Siemens Teamcenter Visualization Security Vulnerability

Siemens Teamcenter Visualization is software from the German company Siemens that provides team collaboration functions for 2D and 3D scenes. Siemens Teamcenter Visualization suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted...

7.8 CVSS, 7.6 AI score, 0.00261 EPSS
Exploits: 0, References: 5
ICS
added 2023/04/11 12:0 a.m., 28 views

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8 CVSS, 7.3 AI score, 0.00261 EPSS
Exploits: 0, References: 12
Qualys Blog
added 2023/04/03 10:41 p.m., 44 views

Augment Security Asset Tagging with Custom Assessment and Remediation (CAR)

Security asset tagging provides a flexible and scalable way to organize the assets in your environment based on specific requirements. It enables you to create tags and assign them to your assets, which can improve your cybersecurity maturity and reduce risks for breaches and audit failures. Qual...

6.4 AI score
Exploits: 0
BDU FSTEC
added 2023/03/29 12:0 a.m., 4 views

The vulnerability of the Grafana data visualization web tool, related to insufficient cleaning of user data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the Grafana data visualization web tool is related to insufficient cleaning of user data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

6.6 CVSS, 6.6 AI score, 0.1546 EPSS
Exploits: 0, References: 3, Affected Software: 2
NVD
added 2023/03/28 9:15 p.m., 47 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8.8 CVSS, 8.3 AI score, 0.0132 EPSS
Exploits: 1, References: 1
Prion
added 2023/03/28 9:15 p.m., 18 views

Remote code execution

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

6.5 CVSS, 8.8 AI score, 0.0132 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2023/03/28 8:2 p.m., 41 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8 CVSS, 9.1 AI score, 0.0132 EPSS
Exploits: 1, References: 1
CVE
added 2023/03/28 8:2 p.m., 61 views

CVE-2023-28637

CVE-2023-28637 affects DataEase when using the AWS Redshift data source; lack of data sanitization can enable remote code execution. The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5; u...

8.8 CVSS, 8.6 AI score, 0.0132 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2023/03/28 8:2 p.m., 27 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8 CVSS, 8.9 AI score, 0.0132 EPSS
Exploits: 1, References: 3
CVE
added 2023/03/24 11:43 p.m., 63 views

CVE-2023-28437

Dataease SQL injection vulnerability (CVE-2023-28437) is caused by missing entries in the keyword blacklist protecting against SQLi. Affects Dataease prior to version 1.18.5; fix released in 1.18.5. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack, LOW complexity, no privileges, no user ...

9.8 CVSS, 10 AI score, 0.00882 EPSS
Exploits: 1, References: 3, Affected Software: 1