munin-monitoring Munin 2.0.0

CPE Details

munin-monitoring Munin 2.0.0
munin-monitoring
munin
2.0.0
2012-11-23
10h16 +00:00
2013-12-16
16h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*

Informations

Vendor

munin-monitoring

Product

munin

Version

2.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-6188 2017-02-22 18h00 +00:00 Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
5.5
Medium
CVE-2013-6048 2013-12-13 16h00 +00:00 The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
5
CVE-2013-6359 2013-12-13 16h00 +00:00 Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
4.3
CVE-2012-3513 2012-11-21 23h00 +00:00 munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9.3
CVE-2012-3512 2012-11-21 22h00 +00:00 Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
7.2
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.