Search CVE reports
1 – 10 of 12 results
CVE-2024-34251
Medium priorityAn out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the “block_type_get_arity” function in core/iwasm/interpreter/wasm.h.
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-34250
Medium priorityA heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the “wasm_loader_check_br” function...
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-32019
Medium priorityNetdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is...
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-23722
Medium priorityIn Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered...
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-22497
Medium priorityNetdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so...
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-22496
Medium priorityNetdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an...
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-1726
Medium priorityBootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data,...
2 affected packages
netdata, zoneminder
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
zoneminder | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
CVE-2018-18839
Medium priority** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says “is intentional.”
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Not affected | Not affected | Not affected | Not affected | Not in release |
CVE-2018-18838
Medium priorityAn issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2018-18837
Medium priorityAn issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
1 affected package
netdata
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
netdata | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |