Lucene search
K

57 matches found

Vulnrichment
Vulnrichment
added 2025/05/19 6:52 p.m.6 views

CVE-2025-47284 Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...

9.9CVSS9.4AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 6:52 p.m.17 views

CVE-2025-47284 Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation

Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...

9.9CVSS0.00374EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 6:52 p.m.37 views

CVE-2025-47284

The CVE-2025-47284 detail concerns Gardener’s gardenlet component. A vulnerability allows a user with administrative privileges for a Gardener project to gain control over seed clusters where their shoots are managed. Affected versions are prior to 1.116.4, 1.117.5, 1.118.2, and 1.119.0. The issu...

9.9CVSS9.4AI score0.00374EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/02/14 9:15 p.m.9 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS7AI score0.002EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/02/14 9:15 p.m.19 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS7AI score0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/14 8:16 p.m.11 views

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 8:16 p.m.9 views

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

6.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/12/26 8:27 p.m.3 views

GHSA-8596-2JGR-PPJ7 Amazon Redshift JDBC Driver vulnerable to SQL Injection

Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. Impact A SQL...

8.6CVSS5.9AI score0.00579EPSS
Exploits0References5
NVD
NVD
added 2024/09/12 12:15 a.m.11 views

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/11 11:27 p.m.21 views

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/11 11:27 p.m.8 views

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS7AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/11 12:0 a.m.3 views

Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞

Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0, which originates from disclosing the database...

8.5CVSS7.1AI score0.00271EPSS
Exploits0References2
Xen Project
Xen Project
added 2024/07/16 12:0 p.m.28 views

Xapi: Metadata injection attack against backup/restore functionality

ISSUE DESCRIPTION For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk...

3.8CVSS6.1AI score0.002EPSS
Exploits0
NVD
NVD
added 2023/11/01 10:15 p.m.9 views

CVE-2023-46448

Reflected Cross-Site Scripting XSS vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images...

6.1CVSS6AI score0.00399EPSS
Exploits1References2
OSV
OSV
added 2021/09/09 3:15 p.m.2 views

UBUNTU-CVE-2021-22239

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...

5CVSS5.8AI score0.00592EPSS
Exploits0References3
Prion
Prion
added 2021/05/26 10:15 p.m.21 views

Code injection

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...

4.3CVSS6AI score0.01391EPSS
Exploits1References3Affected Software1
exploitpack
exploitpack
added 2017/10/09 12:0 a.m.84 views

PHP Melody 2.7.3 - Multiple Vulnerabilities

PHP Melody 2.7.3 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages...

7.5CVSS0.4AI score0.01485EPSS
Exploits4
Rows per page
Query Builder