Vulnerabilities (CVE)

Filtered by vendor My-netdata Subscribe

Filtered by product Netdata

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-18836	1 My-netdata	1 Netdata	2020-08-24	4.3 MEDIUM	6.5 MEDIUM
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18837	1 My-netdata	1 Netdata	2019-06-19	5.8 MEDIUM	6.1 MEDIUM
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18839	1 My-netdata	1 Netdata	2019-06-18	5.0 MEDIUM	5.3 MEDIUM
DISPUTED An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional."