Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2024-34251

Medium priority
Needs evaluation

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the “block_type_get_arity” function in core/iwasm/interpreter/wasm.h.

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-34250

Medium priority
Needs evaluation

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the “wasm_loader_check_br” function...

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-32019

Medium priority
Needs evaluation

Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is...

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-23722

Medium priority
Needs evaluation

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered...

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-22497

Medium priority
Needs evaluation

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so...

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-22496

Medium priority
Needs evaluation

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an...

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2022-1726

Medium priority
Needs evaluation

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data,...

2 affected packages

netdata, zoneminder

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation
zoneminder Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2018-18839

Medium priority
Not affected

** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says “is intentional.”

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Not affected Not affected Not affected Not affected Not in release
Show less packages

CVE-2018-18838

Medium priority
Needs evaluation

An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2018-18837

Medium priority
Needs evaluation

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.

1 affected package

netdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
netdata Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages