4952 matches found

Cvelist
added 2023/04/24 3:29 p.m. · 29 views

CVE-2023-30776 Apache Superset: Database connection password leak

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...

4.9 CVSS · 6.5 AI score · 0.02067 EPSS
Exploits 0 · References 2

NVD
added 2023/04/22 3:15 a.m. · 15 views

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

8.8 CVSS · 7.5 AI score · 0.00861 EPSS
Exploits 0 · References 1

Prion
added 2023/04/22 3:15 a.m. · 17 views

Design/Logic Flaw

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

6.5 CVSS · 8.6 AI score · 0.00861 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/04/22 2:31 a.m. · 7 views

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

7.2 CVSS · 7.1 AI score · 0.00861 EPSS
Exploits 0 · References 1

Cvelist
added 2023/04/22 2:31 a.m. · 23 views

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

7.2 CVSS · 8.9 AI score · 0.00861 EPSS
Exploits 0 · References 1

CVE
added 2023/04/22 2:31 a.m. · 63 views

CVE-2023-25507

The CVE-2023-25507 issue affects NVIDIA DGX-1 BMC SPX REST API. A privileged, authenticated attacker can inject arbitrary shell commands via the REST API, potentially enabling code execution, denial of service, information disclosure, or data tampering. Public sources corroborate affecting DGX-1 ...

8.8 CVSS · 8.6 AI score · 0.00861 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/04/22 12:00 a.m. · 5 views

PT-2023-20120 · Nvidia · Nvidia Dgx-1 Bmc

Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 BMC (affected versions not specified). Description: The issue concerns the SPX REST API in NVIDIA DGX-1 BMC, where an attacker with the appropriate authorization level can inject arbitrary shell commands. This may lead to code...

8.8 CVSS · 8.6 AI score · 0.00861 EPSS
Exploits 0 · References 4

Kitploit
added 2023/04/21 12:30 p.m. · 38 views

Striker - A Command And Control (C2)

Striker is a simple Command and Control (C2) program. Disclaimer: This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features A Agents Native agents for linux and windows hosts. Self-contained, minimal python agent should you...

7.5 AI score
Exploits 0 · References 3

Huntr
added 2023/04/20 6:40 p.m. · 22 views

LFI in Model Version REST API creation

Description: By creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to...

5 CVSS · 7.2 AI score · 0.04153 EPSS
Exploits 1

OSV
added 2023/04/18 12:15 p.m. · 12 views

CVE-2023-2020

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host...

4.3 CVSS · 7 AI score
Exploits 0 · References 1

NVD
added 2023/04/18 12:15 p.m. · 15 views

CVE-2023-2020

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host...

4.3 CVSS · 4.5 AI score · 0.00402 EPSS
Exploits 0 · References 1

Prion
added 2023/04/18 12:15 p.m. · 14 views

Design/Logic Flaw

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host...

4 CVSS · 4.5 AI score · 0.00402 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/04/18 11:09 a.m. · 18 views

CVE-2023-2020 Unauthorized scheduling of downtimes via REST API

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host...

4.3 CVSS · 4.8 AI score · 0.00402 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/04/18 11:09 a.m. · 11 views

CVE-2023-2020 Unauthorized scheduling of downtimes via REST API

Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host...

4.3 CVSS · 4.6 AI score · 0.00402 EPSS
Exploits 0 · References 1

CVE
added 2023/04/18 11:09 a.m. · 37 views

CVE-2023-2020

The CVE-2023-2020 entry concerns Checkmk (Tribe29) REST API permission checks. Affected products are Checkmk versions prior to 2.1.0p27 and prior to 2.2.0b4 (beta). The root cause is insufficient permission checks in the REST API, which allows unauthorized users to schedule downtimes for any host...

4.3 CVSS · 4.5 AI score · 0.00402 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/04/18 12:00 a.m. · 6 views

Checkmk security vulnerability

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk that stems from insufficient REST API permission checking, which allows an attacker to schedule downtime for any host. Affected products and versions: Tribe29 Checkmk 2.1.0p27 and earlier, 2.2.0b4 beta and earlier...

4.3 CVSS · 5.1 AI score · 0.00402 EPSS
Exploits 0 · References 2

OpenVAS
added 2023/04/18 12:00 a.m. · 13 views

Checkmk 2.1.x < 2.1.0p27 Improper Permission Handling Vulnerability

Checkmk is prone to an improper permission handling vulnerability...

4.3 CVSS · 5.4 AI score · 0.00402 EPSS
Exploits 0 · References 1

OSV
added 2023/04/15 9:30 p.m. · 7 views

GHSA-2JG5-XGVV-4WQ7 Mailman Core vulnerable to timing attacks

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

7.6 CVSS · 6.4 AI score · 0.00299 EPSS
Exploits 0 · References 6

GitHub Security Blog
added 2023/04/15 9:30 p.m. · 51 views

Mailman Core vulnerable to timing attacks

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3 CVSS · 6.4 AI score · 0.00299 EPSS
Exploits 0 · References 6 · Affected Software 1

UbuntuCve
added 2023/04/15 8:16 p.m. · 20 views

CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3 CVSS · 6.7 AI score · 0.00299 EPSS
Exploits 0 · References 1