Design/Logic Flaw

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

UBUNTU-CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

Sql injection

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

UBUNTU-CVE-2018-18839

DISPUTED An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional."...

UBUNTU-CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

UBUNTU-CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

Path traversal

DISPUTED An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional."...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18836

Netdata CVE-2018-18836 is a JSON injection vulnerability in Netdata 1.10.0 via api/v1/data tqx parameter (web_client_api_request_v1_data in web/api/web_api_v1.c). Connected advisories indicate fixes in later Netdata releases (e.g., update to 1.31.0 per OpenSUSE/OpenSUSE-SU-2021-1603-1 and related...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18837

CVE-2018-18837 affects Netdata 1.10.0 and is described as HTTP Header Injection via the api/v1/data filename parameter due to web_client_api_request_v1_data in web/api/web_api_v1.c. The vulnerability is categorized as a header injection issue (CVSS details shown in the entry: CVSSv3 base score 6....

CVE-2018-18837

An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

CVE-2018-18838

CVE-2018-18838 affects Netdata 1.10.0 and is a log injection vulnerability reachable via a %0a sequence in the url parameter to api/v1/registry. The CVSS:3.0 base is 7.5 (HIGH) with network access and no authentication; integrity impact is HIGH, confidentiality/availability are none. Public advis...

CVE-2018-18838

An issue was discovered in Netdata 1.10.0. Log Injection or Log Forgery exists via a %0a sequence in the url parameter to api/v1/registry...

CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...