Vulnerabilities > Nagios > Nagios > 3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-28 | CVE-2019-3698 | Link Following vulnerability in multiple products UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. | 6.9 |
2018-07-12 | CVE-2018-13441 | NULL Pointer Dereference vulnerability in Nagios qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 2.1 |
2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
2017-03-31 | CVE-2014-5009 | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-03-31 | CVE-2008-7313 | Command Injection vulnerability in multiple products The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
2017-02-15 | CVE-2016-10089 | Permissions, Privileges, and Access Controls vulnerability in Nagios Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | 7.2 |
2016-12-15 | CVE-2016-9566 | Permissions, Privileges, and Access Controls vulnerability in Nagios base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. | 7.2 |
2016-12-15 | CVE-2016-9565 | Improper Access Control vulnerability in Nagios MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. | 7.5 |
2014-02-28 | CVE-2014-1878 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. | 5.0 |
2014-01-15 | CVE-2013-7205 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nagios Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. | 6.4 |