50 matches found

Debian CVE
added 2021/07/15 2:55 p.m. · 27 views

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

8.8 CVSS · 7.9 AI score · 0.0114 EPSS
Exploits 1
Positive Technologies
added 2021/07/15 12:0 a.m. · 3 views

PT-2021-6701 · Icinga +1 · Icinga +1

Name of the Vulnerable Software and Affected Versions: Icinga versions 2.4.0 through 2.12.4 Description: The issue concerns a monitoring system that checks network resource availability and generates performance data. It may allow privilege escalation for authenticated API users. With a read-only...

9.8 CVSS · 7 AI score · 0.02934 EPSS
Exploits 5 · References 40
Veracode
added 2020/05/10 11:25 p.m. · 33 views

Information Disclosure

docker is vulnerable to information disclosure. The vulnerability exists as debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. It potentially applies to other API users of the...

7.5 CVSS · 3.1 AI score · 0.03653 EPSS
Exploits 0 · References 10 · Affected Software 1
Positive Technologies
added 2019/09/08 12:0 a.m. · 4 views

PT-2019-14506 · Vmware · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 1.7.0 through 1.8.2 Description: The issue allows non-admin users to create admin accounts via the "POST /api/users" API endpoint, when Harbor is set up with a DB as the authentication backend and allows users to do...

6.5 CVSS · 7.3 AI score · 0.23108 EPSS
Exploits 5 · References 18
Prion
added 2019/07/18 4:15 p.m. · 28 views

Design/Logic Flaw

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

5 CVSS · 7.3 AI score · 0.03653 EPSS
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2019/07/18 3:34 p.m. · 26 views

CVE-2019-13509

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

7.6 AI score · 0.03653 EPSS
Exploits 0 · References 8
Veracode
added 2019/05/02 6:30 a.m. · 22 views

Denial Of Service (DoS)

CloudForms Management Engine cfme is vulnerable to denial of service (DoS) attacks. An attacker is able to execute arbitrary methods via filtering on VMs that MiqExpression will execute, triggerable by API users. An attacker could use this flaw to crash the application...

8.8 CVSS · 8.6 AI score · 0.01703 EPSS
Exploits 0 · References 217 · Affected Software 5
Prion
added 2018/07/26 1:29 p.m. · 22 views

Privilege escalation

In CloudForms Management Engine cfme before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...

6.5 CVSS · 8.8 AI score · 0.01703 EPSS
Exploits 0 · References 3 · Affected Software 2
RedHat Linux
added 2017/08/02 5:23 p.m. · 6 views

cfme: Execution of arbitrary methods through filter param

It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to e.g. destroying VMs...

8.8 CVSS · 5.9 AI score · 0.01703 EPSS
Exploits 0 · References 4
RedhatCVE
added 2017/08/02 3:19 p.m. · 27 views

CVE-2017-7530

It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to e.g. destroying VMs...

8.8 CVSS · 7.6 AI score · 0.01703 EPSS
Exploits 0 · References 1