MidnightBSD

Advisories for ganglia

CVE-2002-2104 HIGH

graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ganglia php_rrd_web_client 1.0.1
CVE-2003-1163 MEDIUM

hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ganglia gmond 2.5.2
ganglia gmond 2.5.1
ganglia gmond 2.5.4
ganglia gmond 2.5.0
ganglia gmond 2.5.3
CVE-2009-0241 HIGH

Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ganglia ganglia 3.1.1
CVE-2011-3741 MEDIUM

Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ganglia ganglia 3.1.7
CVE-2013-0275 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ganglia ganglia-web 3.5.2
ganglia ganglia-web 3.5.4
ganglia ganglia-web 2.1.8
ganglia ganglia-web 2.1.2
ganglia ganglia-web 2.1.3
ganglia ganglia-web 3.4.2
ganglia ganglia-web 3.3.1
ganglia ganglia-web 2.1.0
ganglia ganglia-web 2.1.1
ganglia ganglia-web 2.1.6
ganglia ganglia-web *
ganglia ganglia-web 2.1.5
ganglia ganglia-web 2.1.7
ganglia ganglia-web 3.3.0
ganglia ganglia-web 3.4.1
ganglia ganglia-web 2.2.0
ganglia ganglia-web 3.5.0
ganglia ganglia-web 3.5.1
ganglia ganglia-web 3.5.3
CVE-2013-1770 MEDIUM

Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ganglia ganglia-web 3.5.7
CVE-2013-6395 MEDIUM

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ganglia ganglia-web 3.5.10
ganglia ganglia-web 3.5.8
CVE-2015-6816 HIGH

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
ganglia ganglia-web *
fedoraproject fedora 21
fedoraproject fedora 23
fedoraproject fedora 22
CVE-2019-20378 MEDIUM

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ganglia ganglia-web *
CVE-2019-20379 MEDIUM

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ganglia ganglia-web *
CVE-2024-52762

A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
ganglia ganglia-web *
CVE-2024-52763

A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
ganglia ganglia-web *