Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netdata netdata vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_exec...
Netdata Netdata
9.1
CVSSv3
CVE-2023-22497
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. ...
Netdata Netdata
6.1
CVSSv3
CVE-2019-9834
The Netdata web application up to and including 1.13.0 allows remote malicious users to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, pot...
Netdata Netdata
6.5
CVSSv3
CVE-2018-18836
An issue exists in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
My-netdata Netdata 1.10.0
6.1
CVSSv3
CVE-2018-18837
An issue exists in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
My-netdata Netdata 1.10.0
7.5
CVSSv3
CVE-2018-18838
An issue exists in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
My-netdata Netdata 1.10.0
5.3
CVSSv3
CVE-2018-18839
An issue exists in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.
My-netdata Netdata 1.10.0
NA
CVE-2024-32019
Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an malicious user to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the S...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started