Ganglia
Products
3- 11 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6816 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2017 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||
| CVE-2012-3448 | 0.04 | — | 0.10 | Aug 6, 2012 | Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. | |||
| CVE-2009-0241 | 0.03 | — | 0.05 | Jan 21, 2009 | Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. | |||
| CVE-2024-52763 | 0.00 | — | 0.01 | Nov 19, 2024 | A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter. | |||
| CVE-2024-52762 | 0.00 | — | 0.01 | Nov 19, 2024 | A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter. | |||
| CVE-2019-20378 | 0.00 | — | 0.01 | Jan 11, 2020 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. | |||
| CVE-2013-1770 | 0.00 | — | 0.02 | Apr 2, 2014 | Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. | |||
| CVE-2013-6395 | 0.00 | — | 0.02 | Dec 5, 2013 | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. | |||
| CVE-2013-0275 | 0.00 | — | 0.02 | Mar 14, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-3741 | 0.00 | — | 0.01 | Sep 23, 2011 | Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. | |||
| CVE-2007-6465 | 0.00 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and… | |||
| CVE-2003-1163 | 0.00 | — | 0.02 | Dec 31, 2003 | hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index. | |||
| CVE-2002-2104 | 0.00 | — | 0.02 | Dec 31, 2002 | graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. |
- risk 0.64cvss 9.8epss 0.04
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
- CVE-2012-3448Aug 6, 2012risk 0.04cvss —epss 0.10
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
- CVE-2009-0241Jan 21, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
- CVE-2024-52763Nov 19, 2024risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
- CVE-2024-52762Nov 19, 2024risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.
- CVE-2019-20378Jan 11, 2020risk 0.00cvss —epss 0.01
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
- CVE-2013-1770Apr 2, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.
- CVE-2013-6395Dec 5, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
- CVE-2013-0275Mar 14, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-3741Sep 23, 2011risk 0.00cvss —epss 0.01
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
- CVE-2007-6465Dec 20, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and…
- CVE-2003-1163Dec 31, 2003risk 0.00cvss —epss 0.02
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
- CVE-2002-2104Dec 31, 2002risk 0.00cvss —epss 0.02
graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.