2713 matches found
Siemens JT2Go Security Vulnerability
JT2Go, a 3D JT viewing tool, and Teamcenter Visualization software enable companies to enhance their Product Lifecycle Management (PLM) environments with a comprehensive family of visualization solutions. The software allows business users to access documents, 2D drawings and 3D models in a single...
Siemens JT2Go Buffer Error Vulnerability
JT2Go, a 3D JT viewing tool, and Teamcenter Visualization software enable companies to enhance their Product Lifecycle Management (PLM) environments with a comprehensive family of visualization solutions. The software allows business users to access documents, 2D drawings and 3D models in a single...
Siemens JT2Go and Teamcenter Visualization
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Out-of-Bounds Write, Use of Uninitialized Variable, Out-of-Bounds Read, Off-by-One Error, Use-after-Free 2. RISK EVALUATION Successful exploitation of...
Grafana Unauthorized Arbitrary File Reading Vulnerability
Grafana is a data visualization web application platform. The Grafana unauthorized arbitrary file reading vulnerability can be exploited by attackers to obtain sensitive information...
Redash has an unspecified vulnerability
Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions contain a security vulnerability that could be exploited by an attacker to spoof sessio...
CVE-2021-41192
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
CVE-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
Cross site request forgery (csrf)
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to pass the next URL to redirect the user to after login. The state parameter should be used for a Cross-Site Request Forgery...
Server side request forgery (ssrf)
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server-Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
Design/Logic Flaw
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASH_COOKIE_SECRET or REDASH_SECRET_KEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
CVE-2021-43780 Server-Side Request Forgery (SSRF) in Redash
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server-Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
CVE-2021-43780
CVE-2021-43780 affects Redash: versions 10.0 and prior with URL-loading data sources (JSON, CSV, Excel) enabled, allowing server-side request forgery (SSRF). The root cause is unsafe URL-loading data sources; impact is exposure via SSRF to potentially internal resources. The recommended fix is up...
CVE-2021-41192
Redash CVE-2021-41192 affects Redash versions 10.0.0 and earlier when admins do not explicitly set REDASH_COOKIE_SECRET and REDASH_SECRET_KEY. A default secret is used that is the same across installations, enabling session forgery by attackers who know the default value (c292a0a3aa32397cdb050e23...
CVE-2021-43777
Redash 10.0 and earlier are affected by CVE-2021-43777 due to improper use of the OAuth state parameter in Google Login, where the state is used to pass the next URL instead of a CSRF nonce. The issue does not affect non-Google-Login users. A patch in the master and release/10.x.x branches replac...
Apache Superset Code Injection Vulnerability
A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...
Join us at InfoSec Jupyterthon 2021
We’re excited to invite our community of infosec analysts and engineers to the second annual InfoSec Jupyterthon taking place on December 2-3, 2021. This is an online event organized by our friends in the Open Threat Research Forge, together with folks from the Microsoft Threat Intelligence Cente...
Msticpy - Microsoft Threat Intelligence Security Tools
Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...
OSIsoft PI Vision Security Vulnerability
OSIsoft PI Vision is a suite of visualization tools from the US company OSIsoft that supports accessing PI System data from mobile devices, and it supports self-configuration of trends, images, data values, etc. in order to present data information. A security vulnerability exists in OSIsoft...