Web
by Ganglia
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6816 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||
| CVE-2012-3448 | 0.04 | — | 0.10 | Aug 6, 2012 | Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. | |||
| CVE-2009-0241 | 0.03 | — | 0.05 | Jan 21, 2009 | Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. | |||
| CVE-2024-52763 | 0.00 | — | 0.01 | Nov 19, 2024 | A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter. | |||
| CVE-2024-52762 | 0.00 | — | 0.01 | Nov 19, 2024 | A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter. | |||
| CVE-2019-20378 | 0.00 | — | 0.01 | Jan 11, 2020 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. | |||
| CVE-2013-1770 | 0.00 | — | 0.02 | Apr 2, 2014 | Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. | |||
| CVE-2013-6395 | 0.00 | — | 0.02 | Dec 5, 2013 | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. | |||
| CVE-2013-0275 | 0.00 | — | 0.02 | Mar 14, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-3741 | 0.00 | — | 0.01 | Sep 23, 2011 | Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. | |||
| CVE-2007-6465 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and… |
- risk 0.64cvss 9.8epss 0.04
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
- CVE-2012-3448Aug 6, 2012risk 0.04cvss —epss 0.10
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
- CVE-2009-0241Jan 21, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
- CVE-2024-52763Nov 19, 2024risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
- CVE-2024-52762Nov 19, 2024risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.
- CVE-2019-20378Jan 11, 2020risk 0.00cvss —epss 0.01
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
- CVE-2013-1770Apr 2, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.
- CVE-2013-6395Dec 5, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
- CVE-2013-0275Mar 14, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-3741Sep 23, 2011risk 0.00cvss —epss 0.01
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
- CVE-2007-6465Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and…