Vulnerabilities > Nagios > Nagios > 3.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-28 | CVE-2019-3698 | UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. | 7.0 |
2018-07-12 | CVE-2018-13441 | NULL Pointer Dereference vulnerability in Nagios qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 5.5 |
2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
2017-03-31 | CVE-2014-5009 | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 9.8 |
2017-03-31 | CVE-2008-7313 | Command Injection vulnerability in multiple products The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. | 9.8 |
2017-02-15 | CVE-2016-10089 | Permissions, Privileges, and Access Controls vulnerability in Nagios Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | 7.8 |
2016-12-15 | CVE-2016-9566 | Link Following vulnerability in Nagios base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. | 7.8 |
2016-12-15 | CVE-2016-9565 | Improper Access Control vulnerability in Nagios MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. | 9.8 |