VYPR

Asg Sentry

by Asg Sentry

Source repositories

CVEs (11)

  • CVE-2021-47935HigMay 10, 2026
    risk 0.50cvss 8.8epss 0.01

    Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin…

  • CVE-2024-35196LowMay 31, 2024
    risk 0.06cvss 2.0epss 0.01

    Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this…

  • CVE-2008-1322Mar 13, 2008
    risk 0.04cvss epss 0.10

    The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection…

  • CVE-2008-1321Mar 13, 2008
    risk 0.04cvss epss 0.08

    The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.

  • CVE-2008-1320Mar 13, 2008
    risk 0.04cvss epss 0.16

    Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on…

  • CVE-2026-26004Mar 17, 2026
    risk 0.00cvss epss 0.00

    Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference (IDOR) vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue.

  • CVE-2025-53099Jul 1, 2025
    risk 0.00cvss epss 0.01

    Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain…

  • CVE-2024-48743Oct 25, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter.

  • CVE-2024-24829Feb 8, 2024
    risk 0.00cvss epss 0.00

    Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a…

  • CVE-2023-51451Dec 22, 2023
    risk 0.00cvss epss 0.00

    Symbolicator is a service used in Sentry. Starting in Symbolicator version 0.3.3 and prior to version 21.12.1, an attacker could make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests…

  • CVE-2023-49094Nov 30, 2023
    risk 0.00cvss epss 0.01

    Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to…