Skip to main content

Munin

9 CVEs product

Monthly

CVE-2017-6188 MEDIUM PATCH This Month

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Munin Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2013-6359 MEDIUM PATCH This Month

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6048 MEDIUM PATCH This Month

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Munin
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-3513 CRITICAL POC Act Now

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Munin
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2012-3512 HIGH POC This Week

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Munin
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-4678 MEDIUM This Month

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Munin
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2012-2147 MEDIUM This Month

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Munin
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2012-2104 MEDIUM POC This Month

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection Munin
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.3%
CVE-2012-2103 LOW Monitor

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Munin
NVD
CVSS 2.0
1.2
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Munin Debian Linux
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Munin
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Munin
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Munin
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Munin
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Munin
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Munin
NVD
EPSS 4% CVSS 6.8
MEDIUM POC This Month

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection Munin
NVD Exploit-DB
EPSS 0% CVSS 1.2
LOW Monitor

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Munin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy