CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

NVD•added 2024/07/15 8:15 p.m.•13 views

CVE-2024-39915

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

9.9CVSS0.00552EPSS

Exploits0References2

OSV•added 2024/07/15 7:33 p.m.•20 views

CVE-2024-39915 Authenticated remote code execution in Thruk

9.9CVSS6.9AI score0.00552EPSS

Exploits0References4

BDU FSTEC•added 2024/03/14 12:0 a.m.•3 views

The vulnerability of the panorama.pm web interface component in monitoring consoles for Naemon, Nagios, Icinga, and Shinken THRUK allows a hacker to load any file they desire.

The vulnerability of the panorama.pm web interface of the monitoring console for Naemon, Nagios, Icinga, and Shinken THRUK relates to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to download any file remotely...

9CVSS7.5AI score0.62682EPSS

Exploits5References12Affected Software1

CVE•added 2023/06/08 6:59 p.m.•70 views

CVE-2023-34096

Thruk has a Path Traversal vulnerability (CVE-2023-34096) in panorama.pm affecting versions

8.8CVSS7.5AI score0.62682EPSS

Exploits5References11Affected Software1

OSV•added 2022/10/20 12:0 p.m.•17 views

GHSA-P373-JQFM-J6WR Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...

9.8CVSS9.5AI score0.01991EPSS

Exploits2References4

Github Security Blog•added 2022/10/20 12:0 p.m.•20 views

Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control

9.8CVSS9AI score0.01991EPSS

Exploits2References4Affected Software1

NVD•added 2022/10/20 11:15 a.m.•29 views

CVE-2022-37298

9.8CVSS0.01991EPSS

Exploits2References2

OSV•added 2022/10/20 11:15 a.m.•25 views

CVE-2022-37298

9.8CVSS9.5AI score0.01991EPSS

Exploits2References2

Prion•added 2022/10/20 11:15 a.m.•11 views

Design/Logic Flaw

7.5CVSS9.5AI score0.01991EPSS

Exploits2References2Affected Software1

UbuntuCve•added 2022/10/20 11:15 a.m.•19 views

CVE-2022-37298

9.8CVSS7.2AI score0.01991EPSS

Exploits2References3

Positive Technologies•added 2022/10/20 12:0 a.m.•4 views

PT-2022-23910

Name of the Vulnerable Software and Affected Versions Shinken Monitoring version 2.4.3 Description The issue is related to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nod...

9.8CVSS7.2AI score0.01991EPSS

Exploits2References11

CVE•added 2022/10/20 12:0 a.m.•79 views

CVE-2022-37298

CVE-2022-37298 affects Shinken Monitoring version 2.4.3. The issue stems from the SafeUnpickler class in shinken/safepickle.py, which implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken server, enabling improper access control. Technical ...

9.8CVSS9.4AI score0.01991EPSS

Exploits2References2Affected Software1

Vulnrichment•added 2022/10/20 12:0 a.m.•5 views

CVE-2022-37298

9.6AI score0.01991EPSS

Exploits2References2

Cvelist•added 2022/10/20 12:0 a.m.•36 views

CVE-2022-37298

9.8AI score0.01991EPSS

Exploits2References2

CNNVD•added 2022/10/20 12:0 a.m.•2 views

Shinken 授权问题漏洞

Shinken is a modern, Nagios-compatible monitoring framework from the individual developer Gabès Jean. An authorization issue vulnerability exists in Shinken Monitoring version 2.4.3, which stems from incorrect access control.The SafeUnpickler class in shinken/safepickle.py uses a weak...

9.8CVSS8.3AI score0.01991EPSS

Exploits2References3