2713 matches found
A vulnerability in the Grafana Alloy data visualization system stems from an unquoted search path or element. It allows attackers to escalate their privileges.
The vulnerability in the Grafana Alloy data visualization system is caused by an unquoted search path or element. Exploiting it can allow attackers to escalate their privileges...
A vulnerability in the Grafana Agent data visualization system stems from an unquoted search path or element, allowing attackers to escalate their privileges.
The vulnerability in the Grafana Agent visualization system is caused by an unquoted search path or element. Exploiting it can allow attackers to escalate their privileges...
What’s New in Rapid7 Products & Services: Q3 2024 in Review
This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform. With this, we introduced two exciting new products:...
PYSEC-2024-273
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
CVE-2024-42346
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
PYSEC-2024-272
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
CVE-2024-42346
CVE-2024-42346 affects Galaxy: stored Cross-Site Scripting via the editor visualization endpoint at /visualizations. The vulnerability arises from storing HTML/JS that can execute on edit operations. Patches were applied across supported Galaxy branches (to mitigate this risk); upgrading to the p...
PT-2024-29883 · Galaxy · Galaxy
Name of the Vulnerable Software and Affected Versions: Galaxy versions prior to the latest patched version. Description: The issue concerns the editor visualization, specifically the "/visualizations" endpoint, which can be used to store HTML tags and trigger javascript execution upon an edit...
Performance Co-Pilot Security Vulnerability
Performance Co-Pilot is an open source software infrastructure for monitoring, visualizing, logging, responding to, and controlling the state, activity, and performance of networks, computers, applications, and servers. Performance Co-Pilot has a security vulnerability that stems from the ability...
PT-2024-9536 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2302.0016; Tecnomatix Plant Simulation versions prior to V2404.0005; Teamcenter Visualization versions prior to V14.2.0.14; Teamcenter Visualization versions prior to V14.3.0.12; Teamcenter...
PT-2024-9537 · Siemens · Tecnomatix Plant Simulation +1
Name of the Vulnerable Software and Affected Versions: Teamcenter Visualization versions prior to V14.2.0.14; Teamcenter Visualization versions prior to V14.3.0.12; Teamcenter Visualization versions prior to V2312.0008; Tecnomatix Plant Simulation versions prior to V2302.0016; Tecnomatix Plant...
Siemens SIMATIC SCADA and PCS 7 systems Remote Code Execution Vulnerability
SIMATIC Information Server is used to report and visualize process data stored in SIMATIC process Historian, the SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC PCS-neo long-term archiving system. It stores process values, alarms, and batch data from the production plant in its database and provides...
A vulnerability in the Kibana data visualization service, caused by flaws in its deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability in the Kibana data visualization service is caused by flaws in its deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted YAML file...
A vulnerability in the Kibana data visualization service, caused by flaws in its deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability in the Kibana data visualization service is caused by flaws in its deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted YAML document...
[SECURITY] Fedora 40 Update: zabbix-6.0.33-1.fc40
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
A vulnerability in the production-metrics visualization software in FUJITSU Network Edgiot stems from improper limitation of a pathname to a restricted directory, allowing attackers to affect data confidentiality.
The vulnerability in the production-metrics visualization software in FUJITSU Network Edgiot is caused by improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to affect data confidentiality...