Metabase 1.52.x < 1.52.2.5

The version of Metabase installed on the remote host is 1.52.x prior to 1.52.2.5. It is, therefore, affected by a information disclosure vulnerability. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users...

Metabase 0.44.x < 0.44.7 / 0.45.x < 0.45.4 / 0.46.x < 0.46.3 / 1.44.x < 1.44.7 / 1.45.x < 1.45.4 / 1.46.x < 1.46.3

The version of Metabase installed on the remote host is affected by an access control vulnerability. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that...

CVE-2024-55951 Metabase sandboxed users could see filter values from other sandboxed users

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There ar...

CVE-2024-55951 Metabase sandboxed users could see filter values from other sandboxed users

Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There ar...

CVE-2023-23628 Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor

Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the...

CVE-2017-15302

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...

CVE-2017-15302

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running on t...