Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): collectD
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-1369 |
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com . Published: February 13, 2024; 2:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2017-18240 |
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). Published: March 18, 2018; 10:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-16820 |
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). Published: November 14, 2017; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-7401 |
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. Published: April 03, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6254 |
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Published: August 19, 2016; 5:59:13 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2010-4336 |
The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins. Published: December 17, 2010; 2:00:22 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |