106 matches found
CVE-2024-45037 AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...
PT-2024-5491 · Debian +1
Name of the Vulnerable Software and Affected Versions: RaspAP versions prior to 3.1.5 Description: The issue is related to the restapi.service file /lib/systemd/system/restapi.service in RaspAP, a software for creating wireless routers based on Debian. It is caused by the lack of measures to...
Design/Logic Flaw
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
CVE-2023-23584
CVE-2023-23584 concerns Gallagher Command Centre. A bug in the REST API creates an observable response discrepancy that lets an insufficiently privileged user infer the presence of items that would normally be hidden. Affected versions include Gallagher Command Centre 8.50 and earlier, 8.60 prior...
CVE-2023-23584
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 MR2, 8.60 prior to vEL8.60.2039 MR4, all...
Exchange Backups failing with "Failed to access mailbox" starting September 13th, 2023
This issue is related to EX675238 listed in the Microsoft Health Dashboard, which caused some M365 environments to have issues with RESTAPI calls used to access the mailboxes externally...
Checkmk 2.2.x < 2.2.0p5 Information Disclosure Vulnerability
Checkmk is prone to an information disclosure vulnerability.
CVE-2023-22359 User-enumeration in RestAPI
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames...
Checkmk Authorization Issues Vulnerability (CNVD-2023-39427)
Checkmk is an editor. Checkmk GmbH suffers from an authorization issue vulnerability that stems from improper RestAPI authorization, which can be exploited by an authenticated attacker to read arbitrary host configurations...
CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
Authorization
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
UBUNTU-CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
CVE-2023-22348
CVE-2023-22348 affects Checkmk with improper authorization in the REST API. Versions prior to 2.1.0p28 and prior to 2.2.0b8 allow remote authenticated users to read arbitrary host_configs due to insufficient access checks. Impact is limited to confidentiality (read of host_configs); no integrity/...
CVE-2023-22348 Reading host_configs does not honour contact groups
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...
UBUNTU-CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...