Search

Find a vulnerability

Search criteria

    18 vulnerabilities by munin-monitoring

    CVE-2017-6188 (GCVE-0-2017-6188)

    Vulnerability from nvd – Published: 2017-02-22 19:00 – Updated: 2024-08-05 15:25
    VLAI
    Summary
    Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96399 vdb-entryx_refsource_BID
    https://bugs.debian.org/855705 x_refsource_CONFIRM
    https://www.debian.org/security/2017/dsa-3794 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201710-05 vendor-advisoryx_refsource_GENTOO
    https://github.com/munin-monitoring/munin/issues/721 x_refsource_CONFIRM
    Date Public
    2017-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:25:47.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/855705"
              },
              {
                "name": "DSA-3794",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3794"
              },
              {
                "name": "GLSA-201710-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/issues/721"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "96399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/855705"
            },
            {
              "name": "DSA-3794",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3794"
            },
            {
              "name": "GLSA-201710-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/issues/721"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6188",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96399"
                },
                {
                  "name": "https://bugs.debian.org/855705",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/855705"
                },
                {
                  "name": "DSA-3794",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3794"
                },
                {
                  "name": "GLSA-201710-05",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-05"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/issues/721",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/issues/721"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6188",
        "datePublished": "2017-02-22T19:00:00.000Z",
        "dateReserved": "2017-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:25:47.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6359 (GCVE-0-2013-6359)

    Vulnerability from nvd – Published: 2013-12-13 17:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2013/dsa-2815 vendor-advisoryx_refsource_DEBIAN
    http://munin-monitoring.org/ticket/1397 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2090-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/munin-monitoring/munin/blob/2.… x_refsource_CONFIRM
    Date Public
    2013-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:00.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2815"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://munin-monitoring.org/ticket/1397"
              },
              {
                "name": "USN-2090-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2090-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-25T14:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-2815",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2815"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://munin-monitoring.org/ticket/1397"
            },
            {
              "name": "USN-2090-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2090-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6359",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2815",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2815"
                },
                {
                  "name": "http://munin-monitoring.org/ticket/1397",
                  "refsource": "CONFIRM",
                  "url": "http://munin-monitoring.org/ticket/1397"
                },
                {
                  "name": "USN-2090-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2090-1"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6359",
        "datePublished": "2013-12-13T17:00:00.000Z",
        "dateReserved": "2013-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:00.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6048 (GCVE-0-2013-6048)

    Vulnerability from nvd – Published: 2013-12-13 17:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2815"
              },
              {
                "name": "USN-2090-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2090-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-25T14:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-2815",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2815"
            },
            {
              "name": "USN-2090-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2090-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2815",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2815"
                },
                {
                  "name": "USN-2090-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2090-1"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6048",
        "datePublished": "2013-12-13T17:00:00.000Z",
        "dateReserved": "2013-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3513 (GCVE-0-2012-3513)

    Vulnerability from nvd – Published: 2012-11-21 23:00 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.munin-monitoring.org/ticket/1238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-11-21T23:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.munin-monitoring.org/ticket/1238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-1622-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1622-1"
                },
                {
                  "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
                },
                {
                  "name": "http://www.munin-monitoring.org/ticket/1238",
                  "refsource": "MISC",
                  "url": "http://www.munin-monitoring.org/ticket/1238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3513",
        "datePublished": "2012-11-21T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:02.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3512 (GCVE-0-2012-3512)

    Vulnerability from nvd – Published: 2012-11-21 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2012-13649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
              },
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "FEDORA-2012-13683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
              },
              {
                "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.munin-monitoring.org/ticket/1234"
              },
              {
                "name": "FEDORA-2012-13110",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
              },
              {
                "name": "55698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55698"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-01T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2012-13649",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
            },
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "FEDORA-2012-13683",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
            },
            {
              "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.munin-monitoring.org/ticket/1234"
            },
            {
              "name": "FEDORA-2012-13110",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
            },
            {
              "name": "55698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55698"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2012-13649",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
                },
                {
                  "name": "USN-1622-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1622-1"
                },
                {
                  "name": "FEDORA-2012-13683",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
                },
                {
                  "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
                },
                {
                  "name": "http://www.munin-monitoring.org/ticket/1234",
                  "refsource": "MISC",
                  "url": "http://www.munin-monitoring.org/ticket/1234"
                },
                {
                  "name": "FEDORA-2012-13110",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
                },
                {
                  "name": "55698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/55698"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3512",
        "datePublished": "2012-11-21T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4678 (GCVE-0-2012-4678)

    Vulnerability from nvd – Published: 2012-08-26 21:00 – Updated: 2024-09-16 23:11
    VLAI
    Summary
    munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:42:54.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
              },
              {
                "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
              },
              {
                "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
              },
              {
                "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
              },
              {
                "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
              },
              {
                "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://munin-monitoring.org/changeset/4825"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
              },
              {
                "name": "53034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-26T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
            },
            {
              "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
            },
            {
              "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
            },
            {
              "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
            },
            {
              "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
            },
            {
              "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://munin-monitoring.org/changeset/4825"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
            },
            {
              "name": "53034",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
                },
                {
                  "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
                },
                {
                  "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
                },
                {
                  "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
                },
                {
                  "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
                },
                {
                  "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
                },
                {
                  "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
                },
                {
                  "name": "http://munin-monitoring.org/changeset/4825",
                  "refsource": "CONFIRM",
                  "url": "http://munin-monitoring.org/changeset/4825"
                },
                {
                  "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=812889",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
                },
                {
                  "name": "53034",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4678",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-08-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:23.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2147 (GCVE-0-2012-2147)

    Vulnerability from nvd – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:08.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
              },
              {
                "name": "[oss-security] 20120417  Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/17/2"
              },
              {
                "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
              },
              {
                "name": "munin-image-requests-dos(78924)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
              },
              {
                "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
              },
              {
                "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
              },
              {
                "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
              },
              {
                "name": "[oss-security] 20120417  RE: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
            },
            {
              "name": "[oss-security] 20120417  Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/17/2"
            },
            {
              "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
            },
            {
              "name": "munin-image-requests-dos(78924)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
            },
            {
              "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
            },
            {
              "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
            },
            {
              "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
            },
            {
              "name": "[oss-security] 20120417  RE: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2147",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:08.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2104 (GCVE-0-2012-2104)

    Vulnerability from nvd – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:07.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "munin-munincgigraphlog-command-execution(74885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74885"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX236992"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "name": "53032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "munin-munincgigraphlog-command-execution(74885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74885"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX236992"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "name": "53032",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53032"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2104",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:07.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2103 (GCVE-0-2012-2103)

    Vulnerability from nvd – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1622-1 vendor-advisoryx_refsource_UBUNTU
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778 x_refsource_MISC
    http://secunia.com/advisories/51218 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/16/6 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/04/16/5 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/48859 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/53031 vdb-entryx_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=812889 x_refsource_MISC
    Date Public
    2012-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:07.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "munin-unspec-symlink(74884)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778"
              },
              {
                "name": "51218",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51218"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "name": "48859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48859"
              },
              {
                "name": "53031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "munin-unspec-symlink(74884)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778"
            },
            {
              "name": "51218",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51218"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "name": "48859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48859"
            },
            {
              "name": "53031",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2103",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:07.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6188 (GCVE-0-2017-6188)

    Vulnerability from cvelistv5 – Published: 2017-02-22 19:00 – Updated: 2024-08-05 15:25
    VLAI
    Summary
    Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96399 vdb-entryx_refsource_BID
    https://bugs.debian.org/855705 x_refsource_CONFIRM
    https://www.debian.org/security/2017/dsa-3794 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201710-05 vendor-advisoryx_refsource_GENTOO
    https://github.com/munin-monitoring/munin/issues/721 x_refsource_CONFIRM
    Date Public
    2017-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:25:47.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96399",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/855705"
              },
              {
                "name": "DSA-3794",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3794"
              },
              {
                "name": "GLSA-201710-05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201710-05"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/issues/721"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T16:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "96399",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/855705"
            },
            {
              "name": "DSA-3794",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3794"
            },
            {
              "name": "GLSA-201710-05",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201710-05"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/issues/721"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-6188",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96399",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96399"
                },
                {
                  "name": "https://bugs.debian.org/855705",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/855705"
                },
                {
                  "name": "DSA-3794",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3794"
                },
                {
                  "name": "GLSA-201710-05",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201710-05"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/issues/721",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/issues/721"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-6188",
        "datePublished": "2017-02-22T19:00:00.000Z",
        "dateReserved": "2017-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:25:47.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6048 (GCVE-0-2013-6048)

    Vulnerability from cvelistv5 – Published: 2013-12-13 17:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2815"
              },
              {
                "name": "USN-2090-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2090-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-25T14:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-2815",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2815"
            },
            {
              "name": "USN-2090-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2090-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6048",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2815",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2815"
                },
                {
                  "name": "USN-2090-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2090-1"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6048",
        "datePublished": "2013-12-13T17:00:00.000Z",
        "dateReserved": "2013-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:42.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6359 (GCVE-0-2013-6359)

    Vulnerability from cvelistv5 – Published: 2013-12-13 17:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2013/dsa-2815 vendor-advisoryx_refsource_DEBIAN
    http://munin-monitoring.org/ticket/1397 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2090-1 vendor-advisoryx_refsource_UBUNTU
    https://github.com/munin-monitoring/munin/blob/2.… x_refsource_CONFIRM
    Date Public
    2013-11-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:00.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-2815",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2815"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://munin-monitoring.org/ticket/1397"
              },
              {
                "name": "USN-2090-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2090-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-25T14:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-2815",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2815"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://munin-monitoring.org/ticket/1397"
            },
            {
              "name": "USN-2090-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2090-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-6359",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-2815",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2815"
                },
                {
                  "name": "http://munin-monitoring.org/ticket/1397",
                  "refsource": "CONFIRM",
                  "url": "http://munin-monitoring.org/ticket/1397"
                },
                {
                  "name": "USN-2090-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2090-1"
                },
                {
                  "name": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-6359",
        "datePublished": "2013-12-13T17:00:00.000Z",
        "dateReserved": "2013-11-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:00.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3512 (GCVE-0-2012-3512)

    Vulnerability from cvelistv5 – Published: 2012-11-21 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2012-13649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
              },
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "FEDORA-2012-13683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
              },
              {
                "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.munin-monitoring.org/ticket/1234"
              },
              {
                "name": "FEDORA-2012-13110",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
              },
              {
                "name": "55698",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55698"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-01T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2012-13649",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
            },
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "FEDORA-2012-13683",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
            },
            {
              "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.munin-monitoring.org/ticket/1234"
            },
            {
              "name": "FEDORA-2012-13110",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
            },
            {
              "name": "55698",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55698"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2012-13649",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html"
                },
                {
                  "name": "USN-1622-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1622-1"
                },
                {
                  "name": "FEDORA-2012-13683",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html"
                },
                {
                  "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
                },
                {
                  "name": "http://www.munin-monitoring.org/ticket/1234",
                  "refsource": "MISC",
                  "url": "http://www.munin-monitoring.org/ticket/1234"
                },
                {
                  "name": "FEDORA-2012-13110",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html"
                },
                {
                  "name": "55698",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/55698"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3512",
        "datePublished": "2012-11-21T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3513 (GCVE-0-2012-3513)

    Vulnerability from cvelistv5 – Published: 2012-11-21 23:00 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.munin-monitoring.org/ticket/1238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-11-21T23:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.munin-monitoring.org/ticket/1238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3513",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-1622-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1622-1"
                },
                {
                  "name": "[oss-security] 20120820 Two munin issues, now with CVEs",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/21/1"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076"
                },
                {
                  "name": "http://www.munin-monitoring.org/ticket/1238",
                  "refsource": "MISC",
                  "url": "http://www.munin-monitoring.org/ticket/1238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3513",
        "datePublished": "2012-11-21T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:02.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2147 (GCVE-0-2012-2147)

    Vulnerability from cvelistv5 – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:08.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
              },
              {
                "name": "[oss-security] 20120417  Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/17/2"
              },
              {
                "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
              },
              {
                "name": "munin-image-requests-dos(78924)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
              },
              {
                "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
              },
              {
                "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
              },
              {
                "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
              },
              {
                "name": "[oss-security] 20120417  RE: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
            },
            {
              "name": "[oss-security] 20120417  Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/17/2"
            },
            {
              "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
            },
            {
              "name": "munin-image-requests-dos(78924)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78924"
            },
            {
              "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
            },
            {
              "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
            },
            {
              "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
            },
            {
              "name": "[oss-security] 20120417  RE: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2147",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:08.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2103 (GCVE-0-2012-2103)

    Vulnerability from cvelistv5 – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1622-1 vendor-advisoryx_refsource_UBUNTU
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778 x_refsource_MISC
    http://secunia.com/advisories/51218 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/04/16/6 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2012/04/16/5 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/48859 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/53031 vdb-entryx_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=812889 x_refsource_MISC
    Date Public
    2012-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:07.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1622-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1622-1"
              },
              {
                "name": "munin-unspec-symlink(74884)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778"
              },
              {
                "name": "51218",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51218"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "name": "48859",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48859"
              },
              {
                "name": "53031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53031"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "USN-1622-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1622-1"
            },
            {
              "name": "munin-unspec-symlink(74884)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74884"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778"
            },
            {
              "name": "51218",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51218"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "name": "48859",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48859"
            },
            {
              "name": "53031",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53031"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2103",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:07.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2104 (GCVE-0-2012-2104)

    Vulnerability from cvelistv5 – Published: 2012-08-26 21:00 – Updated: 2024-08-06 19:26
    VLAI
    Summary
    cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:26:07.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "munin-munincgigraphlog-command-execution(74885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74885"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX236992"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "name": "53032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-23T20:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "munin-munincgigraphlog-command-execution(74885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74885"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX236992"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "name": "53032",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53032"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-2104",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:26:07.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4678 (GCVE-0-2012-4678)

    Vulnerability from cvelistv5 – Published: 2012-08-26 21:00 – Updated: 2024-09-16 23:11
    VLAI
    Summary
    munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:42:54.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
              },
              {
                "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
              },
              {
                "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
              },
              {
                "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
              },
              {
                "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
              },
              {
                "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
              },
              {
                "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://munin-monitoring.org/changeset/4825"
              },
              {
                "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
              },
              {
                "name": "53034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-26T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
            },
            {
              "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
            },
            {
              "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
            },
            {
              "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
            },
            {
              "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
            },
            {
              "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
            },
            {
              "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://munin-monitoring.org/changeset/4825"
            },
            {
              "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
            },
            {
              "name": "53034",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/5"
                },
                {
                  "name": "[oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/27/7"
                },
                {
                  "name": "[oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/18/2"
                },
                {
                  "name": "[oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/4"
                },
                {
                  "name": "[oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/19/3"
                },
                {
                  "name": "[oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/29/2"
                },
                {
                  "name": "[oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/16/6"
                },
                {
                  "name": "http://munin-monitoring.org/changeset/4825",
                  "refsource": "CONFIRM",
                  "url": "http://munin-monitoring.org/changeset/4825"
                },
                {
                  "name": "[oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/04/16/5"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667",
                  "refsource": "MISC",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=812889",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=812889"
                },
                {
                  "name": "53034",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4678",
        "datePublished": "2012-08-26T21:00:00.000Z",
        "dateReserved": "2012-08-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:23.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }