CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18240 – Gentoo Linux Security Advisory 201803-10
https://notcve.org/view.php?id=CVE-2017-18240
19 Mar 2018 — The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped). El paquete app-admin/collectd de Gentoo, en versiones anteriores a la 5.7.2-r1, establece la propiedad del directorio de archivos PID en la cuenta collectd, lo que podría permitir que usuarios locales fi... • http://www.securityfocus.com/bid/103469 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2017-16820 – collectd: double free in csnmp_read_table function in snmp.c
https://notcve.org/view.php?id=CVE-2017-16820
14 Nov 2017 — The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). La función csnmp_read_table en snmp.c en el plugin SNMP en collectd, en versiones anteriores a la 5.6.3, es susceptible a una doble liberación (double free) en un cierto caso de error, lo que podría conducir a un cierre inesperado (o, potencialmente, provocar otro impacto). A double-free vulnerability was ... • https://access.redhat.com/errata/RHSA-2018:0252 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7401 – collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
https://notcve.org/view.php?id=CVE-2017-7401
03 Apr 2017 — Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. La interacción incorrecta de las funciones parse_packet() y parse_part_sign_sha256() en network.c en collectd 5.7.1 y anteriores permite que atacantes remotos provoquen una denegación de servicio... • http://www.securityfocus.com/bid/97321 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 10%CPEs: 5EXPL: 0CVE-2016-6254 – Debian Security Advisory 3636-1
https://notcve.org/view.php?id=CVE-2016-6254
31 Jul 2016 — Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. Desbordamiento de búfer basado en memoria dinámica en la función parse_packet en network.c en collectd en versiones anteriores a 5.4.3 y 5.x en versiones anteriores a 5.5.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posib... • http://collectd.org/news.shtml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2010-4336
https://notcve.org/view.php?id=CVE-2010-4336
17 Dec 2010 — The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins. La función cu_rrd_create_file (src/utils_rrdcreate.c) en collectd v4.x anterior a v4.9.4 y anterior a v4.10.2 permite a atacantes remotos provocar una denegación de servicio (fallo) a través de... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605092 • CWE-399: Resource Management Errors •