[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
[SECURITY] Fedora 41 Update: python-notebook-7.2.2-1.fc41
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
PYSEC-2024-272
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All...
[SECURITY] Fedora 39 Update: python-notebook-7.0.7-1.fc39
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
Expanded Coverage and New Attack Path Visualizations Help Security Teams Prioritize Cloud Risk and Understand Blast Radius
Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud h...
CVE-2023-45807 OpenSearch Issue with tenant read-only permissions
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...
CVE-2023-45807
OpenSearch Dashboards contains a tenant-permissions issue where authenticated users with read-only access to a tenant can create, edit, or delete index metadata for dashboards/visualizations in that tenant. This affects metadata only (not index data); read-only verification for data remains intac...
CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site...
Cross site scripting
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site...
CVE-2023-28530 IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site...
CVE-2023-28530
IBM Cognos Analytics 11.1 and 11.2 are affected by a stored cross-site scripting (XSS) vulnerability caused by improper validation of SVG files in Custom Visualizations. A remote attacker could execute scripts in a victim’s browser within the hosting site’s security context and potentially steal ...
PT-2023-21781 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1 through 11.2 Description: The issue is caused by improper validation of SVG files in Custom Visualizations, leading to stored cross-site scripting. A remote attacker could exploit this to execute scripts in ...
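The Cognos entries above and the Galaxy /visualizations entry further up describe the same class of bug: user-supplied markup (an SVG file, stored HTML) is kept and later rendered inline, so any script it carries runs in the hosting site's origin. The following is an added example, not IBM's, Galaxy's or any vendor's code, of the kind of allowlist check an upload endpoint for SVG visualizations should apply before storing a file. The element and attribute allowlist, the helper names and the two sample SVGs are all assumptions constructed for the example.

```python
"""Allowlist check for uploaded SVG files (added example, not vendor code).

An SVG rendered inline can carry <script>, on* event handlers, javascript:
links or foreign HTML, which is the stored-XSS pattern the advisories above
describe. Instead of hunting for known-bad constructs, this keeps only a small
set of drawing elements and attributes and reports everything else.
"""
import re
import xml.etree.ElementTree as ET

# Hypothetical allowlist: enough for typical chart/icon SVGs, nothing that
# loads remote content or runs script.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "symbol", "use", "a",
    "path", "rect", "circle", "ellipse", "line", "polyline", "polygon",
    "text", "tspan", "linearGradient", "radialGradient", "stop",
    "clipPath", "mask", "pattern", "marker",
}
# Fragment-only references (#id) are the only kind of link we keep.
_SAFE_HREF = re.compile(r"^#[A-Za-z_][\w.-]*$")
# CSS that can fetch or execute: url(), legacy expression(), @import, javascript:.
_UNSAFE_STYLE = re.compile(r"url\s*\(|expression\s*\(|@import|javascript:", re.I)


def _local(qualified: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return qualified.rsplit("}", 1)[-1]


def svg_violations(svg_text: str) -> list[str]:
    """Return the reasons to reject the SVG; an empty list means it passed."""
    try:
        # xml.etree does not fetch external entities, but for untrusted input
        # in production prefer defusedxml so entity-expansion bombs are blocked too.
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        return [f"root element <{_local(root.tag)}> is not <svg>"]

    problems = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name not in ALLOWED_ELEMENTS:
            problems.append(f"element <{name}> not in allowlist")
            continue
        for attr, value in elem.attrib.items():
            aname = _local(attr)  # also maps {xlink-ns}href to plain "href"
            if aname.lower().startswith("on"):
                problems.append(f"event handler {aname} on <{name}>")
            elif aname == "href" and not _SAFE_HREF.match(value):
                problems.append(f"non-fragment href {value!r} on <{name}>")
            elif aname == "style" and _UNSAFE_STYLE.search(value):
                problems.append(f"unsafe CSS in style on <{name}>")
    return problems


def is_safe_svg(svg_text: str) -> bool:
    """True when the file contains only allowlisted, non-executable content."""
    return not svg_violations(svg_text)


# Constructed samples for the example; not taken from any advisory.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <defs><linearGradient id="g"><stop offset="0" stop-color="red"/></linearGradient></defs>
  <rect x="10" y="10" width="80" height="80" fill="url(#g)"/>
  <text x="20" y="50">hi</text>
</svg>"""

MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(document.domain)</script>
  <circle cx="5" cy="5" r="4" onload="alert(1)"/>
  <a xlink:href="javascript:alert(1)"><text>click</text></a>
</svg>"""

if __name__ == "__main__":
    print("benign:", svg_violations(BENIGN_SVG))        # []
    print("malicious:", svg_violations(MALICIOUS_SVG))  # three findings
```

The allowlist deliberately drops `<style>`, `<image>`, `<foreignObject>` and every non-fragment `href`, because each is a known way to pull script or external content into an inline SVG; a deployment that needs them should add them one at a time with the matching attribute rules rather than switching back to a denylist.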
Hive Pro Announces Release of Version 3.0.1 of Threat Exposure Management Platform
Introducing Self-Service SaaS for HivePro Uni5 Flagship Product and Enhanced Visualizations for Improved Cybersecurity Insights Milpitas, CA – 6th July 2023—Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce the release of version 3.0.1 of the Hive Pro: Threat...
CVE-2023-27578 Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...
Vega cross-site scripting vulnerability
Vega is JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. Vega suffers from a cross-site scripting vulnerability that stems...
SUSE CVE-2019-7621
Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboa...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center (SOC) tools. Sitting somewhere between scripting/macros and a full-blown development...
CVE-2022-41558
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server...
Remote code execution
Apache OFBiz uses the Birt project plugin https://eclipse.github.io/birt-website/ to create data visualizations and reports. By leveraging a bug in Birt https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142 it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12....
Cross site scripting
Apache OFBiz uses the Birt plugin https://eclipse.github.io/birt-website/ to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142, an unauthenticated malicious user...