Vulnerabilities > Nagios > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-15 CVE-2016-9566 Permissions, Privileges, and Access Controls vulnerability in Nagios
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.
local
low complexity
nagios CWE-264
7.2
7.2
2016-12-15 CVE-2016-9565 Improper Access Control vulnerability in Nagios
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server.
network
low complexity
nagios CWE-284
7.5
7.5
2013-11-26 CVE-2013-6875 SQL Injection vulnerability in Nagios XI
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
network
low complexity
nagios CWE-89
7.5
7.5
2013-07-09 CVE-2013-1362 Improper Input Validation vulnerability in multiple products
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
network
low complexity
opensuse nagios CWE-20
7.5
7.5
2013-01-22 CVE-2012-6096 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
network
low complexity
nagios icinga CWE-119
7.5
7.5
2009-07-01 CVE-2009-2288 OS Command Injection vulnerability in Nagios
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
network
low complexity
nagios CWE-78
7.5
7.5
2006-05-19 CVE-2006-2489 Remote Content-Length Integer Overflow vulnerability in Nagios
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header.
network
low complexity
nagios
7.5
7.5