48 matches found
CVE-2018-18839
An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...
DEBIAN-CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...
CVE-2018-18839
An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...
CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...
CVE-2018-18837
An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of webclientapirequestv1data in web/api/webapiv1.c...
CVE-2018-18839
An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...
CVE-2018-18839
CVE-2018-18839 affects Netdata 1.10.0 and is described as Full Path Disclosure via api/v1/alarms. The vendor states this behavior is intentional. OpenSUSE advisories mark CVE-2018-18839 as disputed/not fixed in some Nessus entries, while later advisories describe the update as addressing other is...
Server side request forgery (ssrf)
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...