2713 matches found
BIT-REDASH-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server-Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
BIT-GRAFANA-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...
BIT-GRAFANA-2022-39201 Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Grafana is an open source observability and data visualization platform. Starting with version 5.0.0 and prior to versions 8.5.14 and 9.1.8, Grafana could leak the authentication cookie of users to plugins. The vulnerability impacts data source and plugin proxy endpoints under certain conditions...
BIT-KIBANA-2020-7017
In Kibana versions before 6.8.11 and 7.8.1, the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map...
BIT-ELK-2020-7017
In Kibana versions before 6.8.11 and 7.8.1, the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map...
Apache Superset SQL Injection Vulnerability (CNVD-2024-26534)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to...
Apache Superset Security Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...
CVE-2024-23328
CVE-2024-23328 concerns DataEase, an open-source data visualization/analysis tool. The vulnerability resides in the DataEase datasource implementation, specifically in the Java file Mysql.java, where unsafe deserialization can be triggered through bypassable blacklist checks on MySQL JDBC paramet...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2024-06442)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 3.0.3, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can ...
Integrating mPulse’s Beacon API with EdgeWorkers to Visualize All Client Requests
Akamai mPulse combines with Akamai EdgeWorkers to visualize any client request and uses its http-request module to let users send their own requests...
[SECURITY] Fedora 39 Update: zabbix-6.0.25-1.fc39
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
A vulnerability in the JT 3D viewing tool and the Teamcenter Visualization lifecycle management system, related to operations outside the bounds of a memory buffer, allows attackers to execute arbitrary code.
The vulnerability in the JT 3D viewing tool and the Teamcenter Visualization lifecycle management system is caused by operations performed outside the bounds of a memory buffer when processing CGM format files. Exploiting this vulnerability can allow attackers to execute arbitrary code...
A vulnerability in the JT 3D viewing tool and the Teamcenter Visualization lifecycle management system, related to pointer assignment errors, allows attackers to trigger a service failure.
The vulnerability in the JT 3D viewing tool and the Teamcenter Visualization product lifecycle management system is related to pointer assignment errors during the processing of CGM format files. Exploiting this vulnerability can allow attackers to cause service failures...
Siemens JT2Go < 14.3.0.6 Multiple Vulnerabilities (SSA-794653)
The version of Siemens JT2Go installed on the remote host is prior to 14.3.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-794653 advisory. - A vulnerability has been identified in JT2Go All versions V14.3.0.6, Teamcenter Visualization V13.3 All versions...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability (CNVD-2024-01390)
JT2Go is a JT file viewer. Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. A buffer overflow vulnerability exists in Siemens JT2Go and Teamcenter Visualization, which can be exploited by an attacker to execute code in the context of the...
Siemens JT2Go and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2024-01393)
JT2Go is a JT file viewer. Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2Go and Teamcenter Visualization have an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the...
Siemens JT2Go and Teamcenter Visualization null pointer dereference vulnerability (CNVD-2024-01392)
JT2Go is a JT file viewer. Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. A null pointer dereference vulnerability exists in Siemens JT2Go and Teamcenter Visualization, which can be exploited by an attacker to cause the application to...
CVE-2023-51746
A vulnerability has been identified in JT2Go All versions V14.3.0.6, Teamcenter Visualization V13.3 All versions V13.3.0.13, Teamcenter Visualization V14.1 All versions V14.1.0.12, Teamcenter Visualization V14.2 All versions V14.2.0.9, Teamcenter Visualization V14.3 All versions V14.3.0.6. The...