
106 matches found

RedhatCVE
added 2025/04/12 8:14 a.m., 22 views

CVE-2024-38865

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

6 CVSS, 7.5 AI score, 0.003 EPSS
Exploits 0, References 1
NVD
added 2025/04/10 8:15 a.m., 5 views

CVE-2024-38865

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

8.8 CVSS, 0.003 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/04/10 7:35 a.m., 4 views

CVE-2024-38865 Livestatus command injection in RestAPI

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

6 CVSS, 6.8 AI score, 0.003 EPSS
Exploits 0, References 1
Cvelist
added 2025/04/10 7:35 a.m., 8 views

CVE-2024-38865 Livestatus command injection in RestAPI

Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...

6 CVSS, 0.003 EPSS
Exploits 0, References 1
CVE
added 2025/04/10 7:35 a.m., 41 views

CVE-2024-38865

CVE-2024-38865 affects Checkmk RestAPI: an improper neutralization of livestatus command delimiters in a specific endpoint allows arbitrary livestatus command execution. Affected versions are prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL). Exploitation requires the attacker to belong to a contac...

8.8 CVSS, 6.9 AI score, 0.003 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2025/04/10 12:0 a.m., 2 views

PT-2025-15924 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.2.0p39; Checkmk versions prior to 2.3.0p25; Checkmk versions prior to 2.1.0p51. Description: The issue is related to improper neutralization of livestatus command delimiters in a specific endpoint within the RestAPI o...

8.8 CVSS, 6.6 AI score, 0.003 EPSS
Exploits 0, References 8
NVD
added 2025/02/01 4:15 a.m., 9 views

CVE-2024-53296

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...

4.9 CVSS, 0.00213 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/02/01 3:56 a.m., 5 views

CVE-2024-53296

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...

2.7 CVSS, 4.9 AI score, 0.00213 EPSS
Exploits 0, References 1
CNNVD
added 2025/02/01 12:0 a.m., 2 views

Dell PowerProtect Data Domain Security Vulnerability

PowerProtect DD is a data protection and backup solution from Dell designed to provide efficient storage and data recovery. A stack buffer overflow vulnerability exists in Dell PowerProtect DD versions 7.13.1.10 and earlier and 7.10.1.40 and earlier, which stems from a failure to properly handle ...

4.9 CVSS, 7.1 AI score, 0.00213 EPSS
Exploits 0, References 1
CNNVD
added 2025/01/20 12:0 a.m., 2 views

Shiprocket Module 3 on OpenCart Injection Vulnerability

Shiprocket Module 3 on OpenCart is a shipping module from Shiprocket. An injection vulnerability exists in Shiprocket Module 3 on OpenCart version v3 and v4, which stems from the parameter x-username in the file /index.php?route=extension/shiprocket/module/restapi that can lead to SQL injection...

7.5 CVSS, 7.9 AI score, 0.00071 EPSS
Exploits 0, References 5
NVD
added 2024/09/23 7:15 a.m., 16 views

CVE-2024-8606

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

9.2 CVSS, 0.00098 EPSS
Exploits 0, References 1
OSV
added 2024/09/23 7:15 a.m., 10 views

CVE-2024-8606

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

8.8 CVSS, 6.8 AI score
Exploits 0, References 1
CVE
added 2024/09/23 7:1 a.m., 52 views

CVE-2024-8606

CVE-2024-8606 affects Checkmk, where the RestAPI allows bypassing two-factor authentication in affected versions (Checkmk before 2.3.0p16 and before 2.2.0p34) when accessed by authenticated users. The root cause is a 2FA bypass within the RestAPI. Documented impact is high/critical across confide...

9.2 CVSS, 8.6 AI score, 0.00098 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2024/09/23 7:1 a.m., 25 views

CVE-2024-8606 Fix 2FA bypass via RestAPI

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

9.2 CVSS, 0.00098 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/09/23 7:1 a.m., 11 views

CVE-2024-8606 Fix 2FA bypass via RestAPI

Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication...

9.2 CVSS, 6.9 AI score, 0.00098 EPSS
Exploits 0, References 1
Veracode
added 2024/08/28 3:52 a.m., 11 views

Unauthorized Access

aws-cdk is vulnerable to Unauthorized Access. The vulnerability is due to improper handling of authorization scopes when using the RestApi construct with CognitoUserPoolAuthorizer. This flaw allows authenticated Amazon Cognito users to gain broader access than intended...

6.4 CVSS, 6.4 AI score, 0.00534 EPSS
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2024/08/27 7:53 p.m., 10 views

AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

Summary: The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...

6.4 CVSS, 6.7 AI score, 0.00534 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2024/08/27 7:53 p.m., 1 views

GHSA-QJ85-69XF-2VXQ AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

Summary: The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...

6.4 CVSS, 5.9 AI score, 0.00534 EPSS
Exploits 0, References 6
NVD
added 2024/08/27 7:15 p.m., 8 views

CVE-2024-45037

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

6.4 CVSS, 0.00534 EPSS
Exploits 0, References 4
Vulnrichment
added 2024/08/27 6:33 p.m., 16 views

CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

6.4 CVSS, 6.5 AI score, 0.00534 EPSS
Exploits 0, References 4