Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sentry sentry vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32474
Sentry is an error tracking and performance monitoring platform. before 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to th...
NA
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry before 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Ivanti Standalone Sentry
1 Github repository
1 Article
NA
CVE-2023-46808
An file upload vulnerability in Ivanti ITSM prior to 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
Ivanti Neurons For Itsm
1 Article
NA
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an malicious user to access certain restricted resources without authentication.
Ivanti Connect Secure 22.5
Ivanti Connect Secure 9.1
Ivanti Connect Secure 22.4
Ivanti Policy Secure 22.5
Ivanti Zero Trust Access 22.6
2 Github repositories
6 Articles
NA
CVE-2024-24829
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a cons...
Sentry Sentry
NA
CVE-2024-21893
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an malicious user to access certain restricted resources without authentication.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 9.1
Ivanti Connect Secure 21.9
Ivanti Connect Secure 21.12
Ivanti Policy Secure 22.2
Ivanti Policy Secure 22.1
Ivanti Policy Secure 9.1
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.6
Ivanti Policy Secure 22.3
Ivanti Policy Secure 22.6
Ivanti Policy Secure 22.5
Ivanti Policy Secure 22.4
Ivanti Connect Secure 9.0
Ivanti Policy Secure 9.0
Ivanti Neurons For Zero-trust Access -
1 Metasploit module
3 Github repositories
8 Articles
NA
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote malicious user to access restricted resources by bypassing control checks.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 9.1
Ivanti Policy Secure 22.2
Ivanti Policy Secure 22.1
Ivanti Policy Secure 9.1
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.6
Ivanti Policy Secure 22.3
Ivanti Policy Secure 22.6
Ivanti Policy Secure 22.5
Ivanti Policy Secure 22.4
Ivanti Connect Secure 9.0
Ivanti Policy Secure 9.0
1 Metasploit module
14 Github repositories
10 Articles
NA
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 9.1
Ivanti Policy Secure 22.2
Ivanti Policy Secure 22.1
Ivanti Policy Secure 9.1
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.6
Ivanti Policy Secure 22.3
Ivanti Policy Secure 22.6
Ivanti Policy Secure 22.5
Ivanti Policy Secure 22.4
Ivanti Connect Secure 9.0
Ivanti Policy Secure 9.0
2 Metasploit modules
14 Github repositories
11 Articles
NA
CVE-2023-51451
Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests cou...
Sentry Symbolicator
NA
CVE-2023-50249
Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an malicious user to cause excessive computatio...
Sentry Astro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »