← Back

My Netdata

my-netdata

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Netdata
netdata
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-18839
1My Netdata
1Netdata
Nov 21, 2024
Jun 18, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.
CVE-2018-18838
1My Netdata
1Netdata
Nov 21, 2024
Jun 18, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.
CVE-2018-18837
1My Netdata
1Netdata
Nov 21, 2024
Jun 18, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18836
1My Netdata
1Netdata
Nov 21, 2024
Jun 18, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.