57 matches found
CVE-2025-47284 Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...
CVE-2025-47284 Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the gardenlet component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a...
CVE-2025-47284
The CVE-2025-47284 detail concerns Gardener’s gardenlet component. A vulnerability allows a user with administrative privileges for a Gardener project to gain control over seed clusters where their shoots are managed. Affected versions are prior to 1.116.4, 1.117.5, 1.118.2, and 1.119.0. The issu...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
GHSA-8596-2JGR-PPJ7 Amazon Redshift JDBC Driver vulnerable to SQL Injection
Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. Impact A SQL...
CVE-2024-28981
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...
Hitachi Vantara Pentaho Data Integration & Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration & Analytics is a data integration and analytics system from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.1.0.0, which originates from disclosing the database...
Xapi: Metadata injection attack against backup/restore functionality
ISSUE DESCRIPTION For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk...
CVE-2023-46448
Reflected Cross-Site Scripting XSS vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images...
UBUNTU-CVE-2021-22239
An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later...
Code injection
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code...
PHP Melody 2.7.3 - Multiple Vulnerabilities
PHP Melody 2.7.3 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages...