76 matches found
CVE-2022-25371
CVE-2022-25371 involves Apache OFBiz with the Birt plugin. A bug in Birt (Eclipse bug 538142) enables a remote code execution (RCE) attack in OFBiz 18.12.05 and earlier. The connected Red Hat/NVD entries confirm the RCE impact and affected version range. No details on a fixed/version upgrade are ...
PT-2022-17249 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 18.12.05 and earlier. Description: The issue allows for a remote code execution (RCE) attack by leveraging a bug in the Birt project plugin used for data visualizations and reports. Recommendations: For Apache OFBiz version...
CVE-2022-34838
A Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user...
ABB Zenon Security Vulnerability
ABB Zenon is a secure operational data management platform from ABB Switzerland. Easily connect machines, infrastructure and production assets. ABB Zenon 8.20 and prior versions have a security vulnerability that stems from passwords being stored in a recoverable format, which can be...
Fedora: Security Advisory for python-notebook (FEDORA-2022-85aa8e5706)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: python-notebook-6.4.0-4.fc35
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
@frostoven/alkalurops (>=1.28.2 <=1.28.5), @h5web/app (>=0.1.0-beta.1 <=4.2.0-beta.1) +14 more potentially affected by unknown CVE via d3-color (=3.0.1)
d3-color NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on d3-color and may be impacted: - @frostoven/alkalurops =1.28.2, =0.1.0-beta.1, =0.1.0-beta.0, =0.1.1, =1.0.1, =0.2.0, =0.1.6, =0.1.1, =0.2.0, =0.2.0, =0.0.2, =0.3.0, =0.1.0,...
CVE-2020-26296
A flaw was found in nodejs-vega. An attacker, using a specially crafted Vega expression, could execute a cross-site scripting attack on a victim's machine allowing them to execute arbitrary JavaScript. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation...
[SECURITY] Fedora 32 Update: ocp-0.1.22-0.28.git849cc42.fc32
Open Cubic Player is a music file player ported from DOS that supports Amiga MOD module formats and many variants, such as MTM, STM, 669, S3M, XM, and IT. It is also able to render MIDI files using sound patches and play SID, OGG Vorbis, FLAC, and WAV files. OCP provides a nice text-based interfa...
Cross-site Scripting (XSS)
Overview: lightning-server is a lightning dataviz notebooks server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to inject malicious JavaScript code as part of a session controller. PoC: POST...
Cross-Site Scripting (XSS)
kibana is vulnerable to cross-site scripting (XSS). Lack of validation and sanitization in the coordinate and region map visualizations allows a remote attacker to inject arbitrary JavaScript into a user's browser via the options attribution settings...
Cross site scripting
Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboa...
Elastic Stack 6.8.6 and 7.5.1 security update
Kibana XSS (ESA-2019-17): Kibana versions before 6.8.6 and 7.5.1 contain a cross-site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that...
CVE-2019-17334
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...
Design/Logic Flaw
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...
CVE-2019-17334 TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with...
Fedora Update for python-notebook FEDORA-2018-b792d607fd
The remote host is missing an update for the...
Fedora Update for python-notebook FEDORA-2019-9e67979b2a
The remote host is missing an update for the...
[SECURITY] Fedora 30 Update: python-notebook-5.7.8-1.fc30
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...
[SECURITY] Fedora 28 Update: python-notebook-5.5.0-6.fc28
The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...