This CPE summary could be partial or incomplete.

Summary

Detail
Vendor: Ganglia
First view: 2012-08-06
Product: Ganglia-Web
Last view: 2024-11-19
Version:
Type: Application
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:ganglia:ganglia-web:3.3.0:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:3.5.0:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.0:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.8:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.2.0:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.3:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.5:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:3.4.1:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:3.4.2:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.6:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.7:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.1:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:2.1.2:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:3.3.1:*:*:*:*:*:*:* 7
cpe:2.3:a:ganglia:ganglia-web:3.5.1:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.2:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.3:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.4:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.7:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.8:*:*:*:*:*:*:* 6
cpe:2.3:a:ganglia:ganglia-web:3.5.10:*:*:*:*:*:*:* 6

Related : CVE

  Date Alert Description
5.4 2024-11-19 CVE-2024-52763

A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.

5.4 2024-11-19 CVE-2024-52762

A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.

6.1 2020-01-11 CVE-2019-20379

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.

6.1 2020-01-11 CVE-2019-20378

ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

9.8 2017-08-09 CVE-2015-6816

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

4.3 2014-04-02 CVE-2013-1770

Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.

4.3 2013-12-05 CVE-2013-6395

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

4.3 2013-03-13 CVE-2013-0275

Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5 2012-08-06 CVE-2012-3448

Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.

CWE : Common Weakness Enumeration

% id Name
87% (7) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1) CWE-287 Improper Authentication

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:20076 DSA-2610-1 ganglia - remote code execution

OpenVAS Exploits

id Description
2012-08-13 Name : Ganglia PHP Code Execution Vulnerability
File : nvt/gb_ganglia_54699.nasl

Nessus® Vulnerability Scanner

id Description
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-accdc7ebfc.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-de8ba28354.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-ee7a2b5844.nasl - Type: ACT_GATHER_INFO
2015-11-24 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-612.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_d68df01b564e11e59ad814dae9d210b8.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-10.nasl - Type: ACT_GATHER_INFO
2013-12-23 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2013-268.nasl - Type: ACT_GATHER_INFO
2013-12-14 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22396.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22444.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22497.nasl - Type: ACT_GATHER_INFO
2013-01-22 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2610.nasl - Type: ACT_GATHER_INFO
2012-07-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-10699.nasl - Type: ACT_GATHER_INFO
2012-07-26 Name: The remote Fedora host is missing a security update.
File: fedora_2012-10727.nasl - Type: ACT_GATHER_INFO