This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Munin-Monitoring First view 2012-08-26
Product Munin Last view 2017-02-22
Version 2.0_rc4 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:munin-monitoring:munin

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2017-02-22 CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
4.3 2013-12-13 CVE-2013-6359

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
5 2013-12-13 CVE-2013-6048

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
9.3 2012-11-21 CVE-2012-3513

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
7.2 2012-11-21 CVE-2012-3512

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
5 2012-08-26 CVE-2012-4678

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
5 2012-08-26 CVE-2012-2147

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.

CWE : Common Weakness Enumeration

%idName
42% (3) CWE-20 Improper Input Validation
28% (2) CWE-399 Resource Management Errors
28% (2) CWE-264 Permissions, Privileges, and Access Controls

OpenVAS Exploits

id Description
2012-11-06 Name : Ubuntu Update for munin USN-1622-1
File : nvt/gb_ubuntu_USN_1622_1.nasl
2012-09-27 Name : Fedora Update for munin FEDORA-2012-13649
File : nvt/gb_fedora_2012_13649_munin_fc16.nasl
2012-09-27 Name : Fedora Update for munin FEDORA-2012-13683
File : nvt/gb_fedora_2012_13683_munin_fc17.nasl

Nessus® Vulnerability Scanner

id Description
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-05.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-818.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-3776c9d747.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-25df1dbd02.nasl - Type: ACT_GATHER_INFO
2017-03-07 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-310.nasl - Type: ACT_GATHER_INFO
2017-03-03 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3215-1.nasl - Type: ACT_GATHER_INFO
2017-02-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3794.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-20.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-348.nasl - Type: ACT_GATHER_INFO
2014-05-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201405-17.nasl - Type: ACT_GATHER_INFO
2014-04-07 Name: The remote Fedora host is missing a security update.
File: fedora_2014-4542.nasl - Type: ACT_GATHER_INFO
2014-04-07 Name: The remote Fedora host is missing a security update.
File: fedora_2014-4462.nasl - Type: ACT_GATHER_INFO
2014-02-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-275.nasl - Type: ACT_GATHER_INFO
2014-01-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2090-1.nasl - Type: ACT_GATHER_INFO
2013-12-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-297.nasl - Type: ACT_GATHER_INFO
2013-12-17 Name: The remote Fedora host is missing a security update.
File: fedora_2013-23016.nasl - Type: ACT_GATHER_INFO
2013-12-17 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22993.nasl - Type: ACT_GATHER_INFO
2013-12-16 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22968.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2815.nasl - Type: ACT_GATHER_INFO
2013-09-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-130.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-105.nasl - Type: ACT_GATHER_INFO
2012-11-06 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1622-1.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13683.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13649.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13110.nasl - Type: ACT_GATHER_INFO