Lucene search
K

65 matches found

nvd
nvd
added 2023/01/14 1:15 a.m.35 views

CVE-2023-22496

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...

9.8CVSS9.6AI score0.36171EPSS
Exploits2References1
ubuntucve
ubuntucve
added 2023/01/14 1:15 a.m.295 views

CVE-2023-22496

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...

9.8CVSS7.2AI score0.36171EPSS
Exploits2References2
cve
cve
added 2023/01/14 1:2 a.m.106 views

CVE-2023-22497

Netdata CVE-2023-22497 concerns a streaming configuration flaw where a valid MACHINE_GUID could be used as an API key in stream.conf, allowing non-trusted users to access parent/child Netdata Agents. Affects Netdata agents that expose streaming functionality; attacker could leverage this to acces...

9.1CVSS7.7AI score0.0068EPSS
Exploits1References2Affected Software1
debiancve
debiancve
added 2023/01/14 1:2 a.m.28 views

CVE-2023-22497

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...

9.1CVSS7.6AI score0.0068EPSS
Exploits1
cvelist
cvelist
added 2023/01/14 12:59 a.m.17 views

CVE-2023-22496 Netdata vulnerable to command injection

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...

8.1CVSS10AI score0.36171EPSS
Exploits2References1
debiancve
debiancve
added 2023/01/14 12:59 a.m.25 views

CVE-2023-22496

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...

9.8CVSS10AI score0.36171EPSS
Exploits2
cve
cve
added 2023/01/14 12:59 a.m.185 views

CVE-2023-22496

CVE-2023-22496 affects Netdata. An attacker able to establish a streaming connection can manipulate a health alert’s non-sanitized argument (registry_hostname) to cause the Netdata agent to execute arbitrary commands on the remote host as the netdata user. This is triggered during health_alarm_ex...

9.8CVSS9.5AI score0.36171EPSS
Exploits2References1Affected Software1
cnvd
cnvd
added 2022/04/11 12:0 a.m.24 views

OpServices OpMon Cross-Site Scripting Vulnerability

OpServices OpMon is IT infrastructure monitoring software from OpServices Brazil. It can help your organization manage events in an automated manner.OpServices OpMon version 9.11 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client...

6.1CVSS3.1AI score0.02293EPSS
Exploits4References1
fedora
fedora
added 2022/03/22 3:19 a.m.35 views

[SECURITY] Fedora 34 Update: zabbix-5.0.21-1.fc34

Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...

4.6CVSS4.9AI score0.01203EPSS
Exploits0
threatpost
threatpost
added 2021/06/24 10:0 a.m.249 views

Atlassian Bugs Could Have Led to 1-Click Takeover

Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research CPR published a report PDF outlining how an attacker could have exploited the...

8.3AI score
Exploits0References20
bdu_fstec
bdu_fstec
added 2021/06/15 12:0 a.m.8 views

The vulnerability of the cron/cmd_subsys.php implementation of the software for monitoring IT infrastructure by Nagios Fusion allows a perpetrator to escalate their privileges.

The vulnerability of the cron/cmdsubsys.php implementation of the Nagios Fusion IT infrastructure monitoring software is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

10CVSS8AI score0.06435EPSS
Exploits1References5Affected Software1
cnvd
cnvd
added 2021/04/23 12:0 a.m.10 views

Zoho ManageEngine OpManager Remote Code Execution Vulnerability (CNVD-2021-30701)

ZOHO ZOHO ManageEngine OpManager is an end-to-end integrated network management software, which can realize all-round, visualized, unified and centralized monitoring and management of IT infrastructure such as network devices, servers, hosts, WAN links, applications and services within the...

9.8CVSS7.7AI score0.51332EPSS
Exploits4References1
cnvd
cnvd
added 2021/04/09 12:0 a.m.4 views

Weak password vulnerability in xbrother data center infrastructure monitoring

Ltd. is China's leading green and intelligent data center total solution provider, dedicated to making data centers simpler, safer, more efficient and energy-saving. In the fields of modular data center, monitoring and management, energy-saving transformation and remote operation and maintenance...

7.1AI score
Exploits0
cnvd
cnvd
added 2021/02/28 12:0 a.m.11 views

Nagios XI Code Injection Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A code injection vulnerability exists in Nagios XI versions prior to 5.7. The vulnerability stems from the...

9CVSS7.2AI score0.05631EPSS
Exploits1References1
packetstorm
packetstorm
added 2020/09/07 12:0 a.m.566 views

Cabot 0.11.12 Cross Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2020/09/07 12:0 a.m.621 views

Cabot 0.11.12 - Persistent Cross-Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

7.4AI score
Exploits0
nvd
nvd
added 2020/04/06 4:15 p.m.25 views

CVE-2019-19699

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

9CVSS7.5AI score0.27485EPSS
Exploits2References5
cvelist
cvelist
added 2020/04/06 3:30 p.m.26 views

CVE-2019-19699

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

7.6AI score0.27485EPSS
Exploits2References5
exploitpack
exploitpack
added 2020/01/29 12:0 a.m.45 views

Centreon 19.10.5 - centreontrapd Remote Command Execution

Centreon 19.10.5 - centreontrapd Remote Command Execution Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version:...

0.2AI score
Exploits0
exploitdb
exploitdb
added 2020/01/29 12:0 a.m.177 views

Centreon 19.10.5 - 'Pollers' Remote Command Execution

Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...

7AI score
Exploits0
Rows per page
Query Builder