50 matches found

Cvelist · added 2024/11/12 4:44 p.m. · 43 views

CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...

CVSS 9.8 · EPSS 0.02934
Exploits: 1 · References: 7
OpenVAS · added 2023/09/13 12:00 a.m. · 15 views

Debian: Security Advisory (DLA-3562-1)

The remote host is missing an update for the Debian package(s) announced in DLA-3562-1. (Text excerpted from the Greenbone AG OpenVAS check; SPDX-FileCopyrightText: 2023 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only. Some descriptions are excerpted from referenced sources and remain the copyright of their respective rights holders.)...

CVSS 8.8 · AI score 8.8 · EPSS 0.03098
Exploits: 0 · References: 4
OSV · added 2023/08/09 4:15 a.m. · 3 views

CVE-2023-38752

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings...

CVSS 4.3 · AI score 5.8 · EPSS 0.00376
Exploits: 0 · References: 2
Vulnrichment · added 2023/08/09 3:29 a.m. · 15 views

CVE-2023-38752

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings...

AI score 6.5 · EPSS 0.00376
Exploits: 0 · References: 2
Cvelist · added 2023/08/09 3:29 a.m. · 23 views

CVE-2023-38751

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...

AI score 4.8 · EPSS 0.00376
Exploits: 0 · References: 2
Positive Technologies · added 2023/08/08 12:00 a.m. · 5 views

PT-2023-26583 · Unknown · Special Interest Group Network For Analysis/Liaison

Name of the Vulnerable Software and Affected Versions: Special Interest Group Network for Analysis and Liaison versions 4.4.0 through 4.7.7 Description: The issue allows authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00376
Exploits: 0 · References: 7
OSV · added 2023/04/19 9:41 p.m. · 33 views

GHSA-JJQF-J4W7-92W8 Strapi leaking sensitive user information by filtering on private fields

Summary: Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details: Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...

CVSS 7.5 · AI score 5.4 · EPSS 0.01658
Exploits: 2 · References: 7
Github Security Blog · added 2023/04/19 9:41 p.m. · 58 views

Strapi leaking sensitive user information by filtering on private fields

Summary: Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. Details: Strapi through 4.7.1 allows unauthenticated attackers to discover sensitive user details for Strapi administrators and API users. The unauthenticated...

CVSS 9.8 · AI score 6.5 · EPSS 0.01658
Exploits: 2 · References: 7 · Affected software: 1
Huntr · added 2023/03/22 6:44 a.m. · 7 views

IDOR vulnerability allows the owner of one organization to edit, delete and reset the password of users that belong to another organization

1. First, we create two organizations: org1 and org2. Their owners are user1 and user2 respectively. 2. We log in as user1 and reset its own password. 3. Using Burp Suite, we hijack the POST. 4. The request can look like: PUT...

AI score 6.6
Exploits: 0
SUSE CVE · added 2023/02/15 4:47 a.m. · 3 views

SUSE CVE-2017-7530

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that a privilege check is missing when invoking arbitrary methods via filtering on VMs, which MiqExpression will execute and which is triggerable by API users. An attacker could use this to execute actions they should n...

CVSS 8.8 · AI score 7.2 · EPSS 0.01703
Exploits: 0 · References: 3
Github Security Blog · added 2022/06/25 7:21 a.m. · 42 views

Salt's PAM auth fails to reject locked accounts

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5 and 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an...

CVSS 8.8 · AI score 4.4 · EPSS 0.01878
Exploits: 0 · References: 6 · Affected software: 1
Debian CVE · added 2022/06/22 12:00 a.m. · 36 views

CVE-2022-22967

Removed by vendor...

CVSS 8.8 · AI score 9.2 · EPSS 0.01878
Exploits: 0
OSV · added 2022/05/19 6:15 p.m. · 14 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1
NVD · added 2022/05/19 6:15 p.m. · 20 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

CVSS 7.5 · EPSS 0.00902
Exploits: 0 · References: 1
Prion · added 2022/05/19 6:15 p.m. · 21 views

Design/Logic Flaw

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

CVSS 6 · AI score 7.4 · EPSS 0.00902
Exploits: 0 · References: 1 · Affected software: 1
CVE · added 2022/05/19 5:08 p.m. · 530 views

CVE-2022-30618

The CVE-2022-30618 entry describes a vulnerability in Strapi where an authenticated user with access to the Strapi admin panel can view private data (e.g., email, password reset tokens) of API users when content types have relationships to API users (from: users-permissions). The leak occurs in J...

CVSS 7.5 · AI score 7.5 · EPSS 0.00902
Exploits: 0 · References: 1 · Affected software: 1
Cvelist · added 2022/05/19 5:08 p.m. · 29 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

AI score 7.7 · EPSS 0.00902
Exploits: 0 · References: 1
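The two Strapi issues listed on this page share a root cause: a private attribute of a user record escapes through a path the access checks did not cover, either because a query filter may reference it (the "filtering on private fields" advisory above) or because a populated relation to an API user carries it out in the response (CVE-2022-30618). The following is an added JavaScript example, not Strapi's own code nor code from any of the advisories, showing the two checks a content API would need: an allow-list walk over incoming filters that follows relations into their target model, and an output sanitiser that strips private attributes from populated relations. The schema object, the content-type names (article, user) and the attribute names (email, password, resetPasswordToken) are constructed assumptions for the example and are not Strapi's real schema format.

```javascript
// Added example, not Strapi's own code. Models the two leak paths described
// above: (1) query filters that reference a private attribute, directly or
// through a relation, and (2) populated relations whose target records carry
// private attributes. The schema below is a constructed stand-in for a
// content-type definition; names and types are illustrative assumptions.
const schemas = {
  article: {
    attributes: {
      title: { type: 'string' },
      author: { type: 'relation', target: 'user' },
    },
  },
  user: {
    attributes: {
      username: { type: 'string' },
      email: { type: 'email', private: true },
      password: { type: 'password', private: true },
      resetPasswordToken: { type: 'string', private: true },
    },
  },
};

// Keys starting with '$' are query operators ($eq, $startsWith, $or, ...),
// not attribute names.
const isOperator = (key) => key.startsWith('$');

// Walk a filters object for model `modelName` and return the dotted path of
// the first private or unknown attribute it references, or null if clean.
// Logical operators ($and/$or/$not) keep the current model; relation
// attributes switch to the target model so nested filters are checked too.
function findPrivateFilter(filters, modelName, path = []) {
  if (filters === null || typeof filters !== 'object') return null;
  if (Array.isArray(filters)) {
    for (const item of filters) {
      const hit = findPrivateFilter(item, modelName, path);
      if (hit) return hit;
    }
    return null;
  }
  const attrs = (schemas[modelName] || { attributes: {} }).attributes;
  for (const [key, value] of Object.entries(filters)) {
    if (isOperator(key)) {
      const hit = findPrivateFilter(value, modelName, path);
      if (hit) return hit;
      continue;
    }
    const attr = attrs[key];
    const here = [...path, key].join('.');
    // Unknown attributes are rejected too: this is an allow-list, not a deny-list.
    if (!attr || attr.private) return here;
    if (attr.type === 'relation') {
      const hit = findPrivateFilter(value, attr.target, [...path, key]);
      if (hit) return hit;
    }
  }
  return null;
}

// Remove private attributes from a record of model `modelName`, descending
// into populated relations (single object or array) so a relation to a user
// never carries that user's private fields out in the response.
function stripPrivate(record, modelName) {
  if (record === null || typeof record !== 'object') return record;
  if (Array.isArray(record)) return record.map((r) => stripPrivate(r, modelName));
  const attrs = (schemas[modelName] || { attributes: {} }).attributes;
  const out = {};
  for (const [key, value] of Object.entries(record)) {
    const attr = attrs[key];
    if (attr && attr.private) continue;
    out[key] = attr && attr.type === 'relation' ? stripPrivate(value, attr.target) : value;
  }
  return out;
}

// Gate a find request: reject unsafe filters before querying, sanitise after.
// `records` stands in for whatever the database returned.
function handleFind(filters, records, modelName) {
  const hit = findPrivateFilter(filters, modelName);
  if (hit) throw new Error(`filter on private or unknown attribute: ${hit}`);
  return stripPrivate(records, modelName);
}
```

The filter check has to run before the query, because a filter on a private field leaks by acting as an oracle (whether any record matched) even when the field itself is never returned; the output sanitiser is still needed separately, since a public filter on a public field can legitimately populate a relation whose target holds private data.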
Tenable Nessus · added 2021/11/11 12:00 a.m. · 27 views

Debian DLA-2816-1 : icinga2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2816 advisory. - Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From...

CVSS 8.8 · AI score 7.4 · EPSS 0.01803
Exploits: 2 · References: 10
OSV · added 2021/07/15 3:15 p.m. · 23 views

CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8 · AI score 6.9
Exploits: 0 · References: 4
OSV · added 2021/07/15 3:15 p.m. · 2 views

UBUNTU-CVE-2021-32739

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...

CVSS 8.8 · AI score 7 · EPSS 0.0114
Exploits: 1 · References: 5