CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

NVD•added 2024/07/15 8:15 p.m.•11 views

CVE-2024-39915

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

9.9CVSS0.00209EPSS

Exploits0References2

OSV•added 2024/07/15 7:33 p.m.•11 views

CVE-2024-39915 Authenticated remote code execution in Thruk

9.9CVSS6.9AI score0.00209EPSS

Exploits0References4

CVE•added 2023/06/08 6:59 p.m.•63 views

CVE-2023-34096

Thruk has a Path Traversal vulnerability (CVE-2023-34096) in panorama.pm affecting versions

8.8CVSS7.5AI score0.45105EPSS

Exploits5References11Affected Software1

OSV•added 2022/10/20 12:0 p.m.•16 views

GHSA-P373-JQFM-J6WR Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...

9.8CVSS9.5AI score0.16347EPSS

Exploits2References4

Github Security Blog•added 2022/10/20 12:0 p.m.•17 views

Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

9.8CVSS9AI score0.16347EPSS

Exploits2References4Affected Software1

NVD•added 2022/10/20 11:15 a.m.•10 views

CVE-2022-37298

9.8CVSS0.16347EPSS

Exploits2References2

OSV•added 2022/10/20 11:15 a.m.•14 views

CVE-2022-37298

9.8CVSS9.5AI score0.16347EPSS

Exploits2References2

UbuntuCve•added 2022/10/20 11:15 a.m.•17 views

CVE-2022-37298

9.8CVSS7.2AI score0.16347EPSS

Exploits2References3

Prion•added 2022/10/20 11:15 a.m.•7 views

Design/Logic Flaw

7.5CVSS9.5AI score0.16347EPSS

Exploits2References2Affected Software1

CNNVD•added 2022/10/20 12:0 a.m.•1 views

Shinken 授权问题漏洞

Shinken is a modern, Nagios-compatible monitoring framework from the individual developer Gabès Jean. An authorization issue vulnerability exists in Shinken Monitoring version 2.4.3, which stems from incorrect access control.The SafeUnpickler class in shinken/safepickle.py uses a weak...

9.8CVSS8.3AI score0.16347EPSS

Exploits2References3

CVE•added 2022/10/20 12:0 a.m.•73 views

CVE-2022-37298

CVE-2022-37298 affects Shinken Monitoring version 2.4.3. The issue stems from the SafeUnpickler class in shinken/safepickle.py, which implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken server, enabling improper access control. Technical ...

9.8CVSS9.4AI score0.16347EPSS

Exploits2References2Affected Software1

Positive Technologies•added 2022/10/20 12:0 a.m.•2 views

PT-2022-23910 · Unknown · Shinken Monitoring

Name of the Vulnerable Software and Affected Versions: Shinken Monitoring version 2.4.3 Description: The issue is related to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring...

9.8CVSS9.3AI score0.16347EPSS

Exploits2References8