2715 matches found

Prion
added 2023/03/24 9:15 p.m. | 15 views

Unrestricted file upload

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

CVSS 5.8 | AI score 6.4 | EPSS 0.00465
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/03/24 8:39 p.m. | 27 views

CVE-2023-28435 Dataease file upload interface does not verify permission or file type

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

CVSS 6.5 | AI score 6.8 | EPSS 0.00465
Exploits: 1 | References: 2

CVE
added 2023/03/20 7:00 p.m. | 53 views

CVE-2023-27578

CVE-2023-27578 affects the Galaxy open-source data-analysis platform. The root cause is an insufficient permission check, allowing an attacker to modify or delete any Galaxy Visualization or Galaxy Page, or copy/import a Visualization, if they know the encoded ID. Affected versions include all su...

CVSS 9.1 | AI score 7.7 | EPSS 0.00768
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/03/20 7:00 p.m. | 9 views

CVE-2023-27578 Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check

Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...

CVSS 9.1 | AI score 9.2 | EPSS 0.00768
Exploits: 0 | References: 4

CNVD
added 2023/03/16 12:00 a.m. | 18 views

SAP BusinessObjects Business Intelligence Platform Information Leakage Vulnerability

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. An information disclosure vulnerability exists in SAP BusinessObjects...

CVSS 5.3 | AI score 6.2 | EPSS 0.00617
Exploits: 0 | References: 1

BDU FSTEC
added 2023/03/11 12:00 a.m. | 4 views

The vulnerability of the APDFL.dll library, a tool for 3D JT/JT2Go viewing and Teamcenter Visualization lifecycle management system, allows a perpetrator to execute arbitrary code.

The vulnerability of the APDFL.dll library, which is used by 3D JT, JT2Go, and Teamcenter Visualization lifecycle management systems, relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.7 | EPSS 0.00436
Exploits: 0 | References: 5 | Affected Software: 2

BDU FSTEC
added 2023/03/11 12:00 a.m. | 8 views

The vulnerability of the APDFL.dll library, a tool for 3D JT/JT2Go viewing and Teamcenter Visualization lifecycle management system, allows a perpetrator to execute arbitrary code.

The vulnerability of the APDFL.dll library, which is used by 3D JT, JT2Go, and Teamcenter Visualization lifecycle management systems, relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.7 | EPSS 0.00413
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2023/03/04 12:15 a.m. | 14 views

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

CVSS 6.5 | AI score 6.1 | EPSS 0.00806
Exploits: 1 | References: 3

NVD
added 2023/03/04 12:15 a.m. | 22 views

CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 6.5 | AI score 6.8 | EPSS 0.00775
Exploits: 1 | References: 5

OSV
added 2023/03/04 12:15 a.m. | 4 views

DEBIAN-CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 6.1 | AI score 6.6 | EPSS 0.00775
Exploits: 1 | References: 1

UbuntuCve
added 2023/03/04 12:15 a.m. | 2 views

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

CVSS 6.5 | AI score 6.5 | EPSS 0.00806
Exploits: 1 | References: 3

Prion
added 2023/03/04 12:15 a.m. | 17 views

Format string

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

CVSS 5.8 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 3 | Affected Software: 2

UbuntuCve
added 2023/03/04 12:15 a.m. | 1 view

CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 6.5 | AI score 6.8 | EPSS 0.00775
Exploits: 1 | References: 2

Prion
added 2023/03/04 12:15 a.m. | 16 views

Format string

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 5.8 | AI score 6.6 | EPSS 0.00775
Exploits: 1 | References: 5 | Affected Software: 2

CVE
added 2023/03/03 11:48 p.m. | 81 views

CVE-2023-26486

CVE-2023-26486 concerns Vega’s scale expression function, which can pass a user-supplied group to getScale and allow the context to be treated as internal, enabling an escape of the Vega sandbox and arbitrary JavaScript execution. Public sources in the provided documents confirm this is a Vega vu...

CVSS 6.5 | AI score 6.6 | EPSS 0.00775
Exploits: 1 | References: 5 | Affected Software: 2

Cvelist
added 2023/03/03 11:48 p.m. | 30 views

CVE-2023-26486 Vega `scale` expression function cross site scripting

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 6.5 | AI score 7 | EPSS 0.00775
Exploits: 1 | References: 5

OSV
added 2023/03/03 11:48 p.m. | 14 views

CVE-2023-26486 Vega `scale` expression function cross site scripting

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

CVSS 6.5 | AI score 6.6 | EPSS 0.00775
Exploits: 1 | References: 7

Debian CVE
added 2023/03/03 11:47 p.m. | 5 views

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

CVSS 6.5 | AI score 6.2 | EPSS 0.00806
Exploits: 1

CVE
added 2023/03/03 11:47 p.m. | 145 views

CVE-2023-26487

Vega’s CVE-2023-26487 is a cross-site scripting vulnerability in the lassoAppend function. The issue stems from the first argument not being strictly typed as an array, allowing objects with a push function (potentially via event.view) to be passed and used in the push call, enabling XSS vectors ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00806
Exploits: 1 | References: 3 | Affected Software: 2

OSV
added 2023/03/03 11:47 p.m. | 21 views

CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

CVSS 6.5 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 5