All the vulnerabilities related to nagios - nagios
Vulnerability from fkie_nvd
Published
2018-07-12 18:29
Modified
2024-11-21 03:47
Severity ?
Summary
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF320AFD-B04D-47F8-9DC0-0B3722FF8E5E", "versionEndIncluding": "4.4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." }, { "lang": "es", "value": "qh_help en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha." } ], "id": "CVE-2018-13441", "lastModified": "2024-11-21T03:47:06.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2018-07-12T18:29:00.420", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45082/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45082/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-23 21:29
Modified
2024-11-21 03:10
Severity ?
Summary
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB40EDD4-55D8-4C3C-9D84-1F7B930F476F", "versionEndIncluding": "4.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command." }, { "lang": "es", "value": "Nagios Core en versiones anteriores a la 4.3.3 crea un archivo nagios.lock PID tras eliminar privilegios a una cuenta no-root, lo que podr\u00eda permitir que usuarios locales terminen procesos arbitrarios aprovechando el acceso a esta cuenta no-root para modificar nagios.lock antes de que un script root ejecute un comando \"kill `cat /pathname/nagios.lock`\"." 
} ], "id": "CVE-2017-12847", "lastModified": "2024-11-21T03:10:17.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-23T21:29:00.200", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100403" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/issues/404" }, { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/issues/404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-20" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-665" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4E32CA-1439-4B07-BBB2-38DCD001BD6A", "versionEndIncluding": "4.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565." }, { "lang": "es", "value": "base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a trav\u00e9s de un ataque de symlink al archivo de inicio de sesi\u00f3n. NOTA: esto puede ser aprovechado por atacantes remotos usando CVE-2016-9565." } ], "id": "CVE-2016-9566", "lastModified": "2024-11-21T03:01:24.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T22:59:00.537", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/58" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94919" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037487" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-51" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201710-20" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40921/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://www.nagios.org/projects/nagios-core/history/4x/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/58" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.gentoo.org/glsa/201702-26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201710-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40921/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 05:36
Severity ?
Summary
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in their Name field. When any admin views the /admin/users page, the XSS is triggered.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "750FFD82-3737-458C-941C-5E2864DEFB76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered." }, { "lang": "es", "value": "Nagios Log Server versi\u00f3n 2.1.3, permite un ataque de tipo XSS al visitar /profile e ingresar un campo name dise\u00f1ado que se maneja inapropiadamente en la p\u00e1gina /admin/users. Cualquier usuario malicioso con acceso limitado puede almacenar una carga \u00fatil de tipo XSS en su . Cuando cualquier administrador visualiza esto, es desencadenado el ataque de tipo XSS." } ], "id": "CVE-2020-6586", "lastModified": "2024-11-21T05:36:00.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, 
"exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-16T16:15:14.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.nagios.com/products/nagios-log-server/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output." } ], "id": "CVE-2002-1959", "lastModified": "2024-11-20T23:42:31.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/9508.php" }, { "source": "cve@mitre.org", "url": "http://www.nagios.org/changelog.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/9508.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5174" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-28 14:15
Modified
2024-11-21 04:42
Severity ?
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
References
▼ | URL | Tags | |
---|---|---|---|
meissner@suse.de | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html | Mailing List, Third Party Advisory | |
meissner@suse.de | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html | Mailing List, Third Party Advisory | |
meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1156309 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1156309 | Exploit, Issue Tracking, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | * | |
suse | linux_enterprise_server | 12 | |
nagios | nagios | * | |
suse | linux_enterprise_server | 11 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4F5BA0-53D3-48CD-B62C-34655A0DC5BF", "versionEndExcluding": "3.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "3832D4B6-C269-401F-8A93-2DB052196D07", "versionEndExcluding": "3.0.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions." 
}, { "lang": "es", "value": "Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el cronjob enviado con nagios de SUSE Linux Enterprise Server versi\u00f3n 12, SUSE Linux Enterprise Server versi\u00f3n 11; openSUSE Factory, permite a atacantes locales causar una DoS o escalar potencialmente privilegios al ganar una carrera. Este problema afecta: SUSE Linux Enterprise Server versi\u00f3n 12 nagios versi\u00f3n 3.5.1-5.27 y versiones anteriores. SUSE Linux Enterprise Server 11 nagios versi\u00f3n 3.0.6-1.25.36.3.1 y versiones anteriores. openSUSE Factory nagios versi\u00f3n 4.4.5-2.1 y versiones anteriores." } ], "id": "CVE-2019-3698", "lastModified": "2024-11-21T04:42:21.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.4, "impactScore": 4.2, "source": "meissner@suse.de", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": 
"LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-28T14:15:09.687", "references": [ { "source": "meissner@suse.de", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "source": "meissner@suse.de", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "source": "meissner@suse.de", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "meissner@suse.de", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-10 23:55
Modified
2024-11-21 01:51
Severity ?
Summary
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0.1 | |
nagios | nagios | 3.0.2 | |
nagios | nagios | 3.0.3 | |
nagios | nagios | 3.0.4 | |
nagios | nagios | 3.0.5 | |
nagios | nagios | 3.0.6 | |
nagios | nagios | 3.1.0 | |
nagios | nagios | 3.1.1 | |
nagios | nagios | 3.1.2 | |
nagios | nagios | 3.2.0 | |
nagios | nagios | 3.2.1 | |
nagios | nagios | 3.2.2 | |
nagios | nagios | 3.2.3 | |
nagios | nagios | 3.3.1 | |
nagios | nagios | 3.4.0 | |
nagios | nagios | 3.4.1 | |
nagios | nagios | 3.4.2 | |
nagios | nagios | 3.4.3 | |
nagios | nagios | 3.4.4 | |
nagios | nagios | 3.5.0 | |
nagios | nagios | 4.0.0 | |
nagios | nagios | 4.0.0 | |
nagios | nagios | 4.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "690EA084-9E58-4226-B490-2969E6C6BEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", 
"matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "166D983D-2D1B-45D4-8ACF-68ED11BBF5BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "68D2FFFD-9A12-4230-90F6-AC5E3676FD04", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "21A1C2E3-9E5C-4F00-8393-33DAC6765332", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2C8C695-EBA7-4FD0-BBD0-F339757559EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B06E7504-A5C5-42F3-B325-EE9905A9783A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B555161-CF36-47FE-BDAA-C45E8C4B0E33", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1497A778-52F2-4558-B0B4-833FB8D76036", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "834089CF-70FA-4785-9CE0-01CCD5707C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "E610186F-91AC-41A6-AC3F-DBFF8EC17316", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F8911118-ABD8-4698-9E2D-80059F3A5B32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via 
the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1." }, { "lang": "es", "value": "status.cgi en Nagios 4.0 anterior a 4.0 beta4 y 3.x anterior a 3.5.1 no restringe adecuadamente el acceso a ciertos usuarios que son un contacto para un servicio, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible sobre nombres de host a trav\u00e9s del Servicegroup (1) Overview, (2) Summary o (3) Grid Style en status.cgi. NOTA: esta conducta es por dise\u00f1o en la mayor\u00eda de las versiones 3.x, no obstante el fabricante \"decidi\u00f3 cambiarlo por Nagios 4\" y 3.5.1." } ], "id": "CVE-2013-2214", "lastModified": "2024-11-21T01:51:15.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-10T23:55:04.963", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q2/619" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q2/622" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://tracker.nagios.org/view.php?id=456" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q2/619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q2/622" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tracker.nagios.org/view.php?id=456" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 19:55
Modified
2024-11-21 01:26
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FA76BE8-5C16-4715-9404-5A0AAB73EBCE", "versionEndIncluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": 
"0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter." }, { "lang": "es", "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en statusmap.c en statusmap.cgi en Nagios v3.2.3 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de la capa." 
} ], "id": "CVE-2011-1523", "lastModified": "2024-11-21T01:26:30.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-03T19:55:10.247", "references": [ { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/25/3" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/03/28/4" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43287" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/44974" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8241" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://tracker.nagios.org/view.php?id=207" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/25/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/44974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://tracker.nagios.org/view.php?id=207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-14 17:55
Modified
2024-11-21 01:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
icinga | icinga | * (up to and including 1.4.0) | |
icinga | icinga | 0.8.0 | |
icinga | icinga | 0.8.1 | |
icinga | icinga | 0.8.2 | |
icinga | icinga | 0.8.3 | |
icinga | icinga | 0.8.4 | |
icinga | icinga | 1.0 | |
icinga | icinga | 1.0 rc1 | |
icinga | icinga | 1.0.1 | |
icinga | icinga | 1.0.2 | |
icinga | icinga | 1.0.3 | |
icinga | icinga | 1.2.0 | |
icinga | icinga | 1.2.1 | |
icinga | icinga | 1.3.0 | |
icinga | icinga | 1.3.1 | |
nagios | nagios | 3.2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "matchCriteriaId": "10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5", "versionEndIncluding": "1.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts." 
} ], "id": "CVE-2011-2179", "lastModified": "2024-11-21T01:27:45.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-06-14T17:55:06.437", "references": [ { "source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44974" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8274" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://tracker.nagios.org/view.php?id=224" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48087" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=709871" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/1605" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44974" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://tracker.nagios.org/view.php?id=224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/1605" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-28 15:13
Modified
2024-11-21 02:05
Severity ?
Summary
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
icinga | icinga | * (up to and including 1.8.5) | |
icinga | icinga | 1.8.0 | |
icinga | icinga | 1.8.1 | |
icinga | icinga | 1.8.2 | |
icinga | icinga | 1.8.3 | |
icinga | icinga | 1.8.4 | |
icinga | icinga | 1.9.0 | |
icinga | icinga | 1.9.1 | |
icinga | icinga | 1.9.2 | |
icinga | icinga | 1.9.3 | |
icinga | icinga | 1.9.4 | |
icinga | icinga | 1.10.0 | |
icinga | icinga | 1.10.1 | |
icinga | icinga | 1.10.2 | |
nagios | nagios | * rc1 (up to and including 4.0.3) | |
nagios | nagios | 4.0.0 beta1 | |
nagios | nagios | 4.0.0 beta2 | |
nagios | nagios | 4.0.0 beta3 | |
nagios | nagios | 4.0.0 beta4 | |
nagios | nagios | 4.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E3B5ADE-C251-4A5B-A3E1-323BD96F1242", "versionEndIncluding": "1.8.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1DE372-E2A4-4C4B-B85C-104D84696090", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2B3410C-6FF8-4485-AC06-BBA15A4BC9E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27F6ACDE-05A0-4688-97FF-EB4C23E8F52D", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6333E91A-6315-437C-A600-0B824976FBB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "332D5DB3-58A3-41BD-907B-6959B07F643B", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8BCA88C-5AA9-4C0D-9FA3-80BA8FBBD521", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "821C9240-E41E-4BCC-910E-63304F8E3790", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADFD2677-6BF6-4985-B915-A9395B4A620E", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCF96645-E8B6-443A-8761-6F879042F689", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "1912AB1A-C7A5-403A-873A-52FF7D2C5BDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "21460019-53D0-440D-A0A6-4B778B478B4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "30895AD2-198A-4329-9987-347AABDD7C10", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.10.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "2179AA2D-8FAF-4E1E-8F1F-64BBDEFABB4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "188CC315-C3B3-467E-BDEC-2C4CAA4B6470", "versionEndIncluding": "4.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "834089CF-70FA-4785-9CE0-01CCD5707C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "E610186F-91AC-41A6-AC3F-DBFF8EC17316", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "F8911118-ABD8-4698-9E2D-80059F3A5B32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "B737174D-CA20-4DE4-8147-6317E7A51396", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEE550BE-D6A7-4DB8-9CF1-A265085EC388", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi." }, { "lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n cmd_submitf en cgi/cmd.c en Nagios Core, posiblemente 4.0.3rc1 y anteriores e Icinga anterior a 1.8.6, 1.9 anterior a 1.9.5 y 1.10 anterior a 1.10.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) a trav\u00e9s de un mensaje largo hacia cmd.cgi." 
} ], "id": "CVE-2014-1878", "lastModified": "2024-11-21T02:05:11.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-28T15:13:04.063", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57024" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65605" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://dev.icinga.org/issues/5434" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "cve@mitre.org", "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://dev.icinga.org/issues/5434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-03 21:02
Modified
2024-11-21 00:10
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N, per the NVD metrics in this record)
Summary
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "195E2FFA-4AA5-498A-AABD-225C2175918A", "versionEndIncluding": "1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B903D35B-D120-4E63-855F-442F574F9C16", "versionEndIncluding": "2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header." } ], "evaluatorSolution": "Upgrade to versions 1.4 and 2.3", "id": "CVE-2006-2162", "lastModified": "2024-11-21T00:10:41.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-03T21:02:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/19991" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/19998" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20013" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20215" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/20247" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1072" }, { "source": "secalert@redhat.com", "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.nagios.org/development/changelog.php" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/17879" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/1662" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" }, { "source": "secalert@redhat.com", "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/282-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/development/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1662" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/282-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-22 23:55
Modified
2024-11-21 01:45
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD metrics in this record)
Summary
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | * (up to and including 3.4.3) | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 alpha1 | |
nagios | nagios | 3.0 alpha2 | |
nagios | nagios | 3.0 alpha3 | |
nagios | nagios | 3.0 alpha4 | |
nagios | nagios | 3.0 alpha5 | |
nagios | nagios | 3.0 beta1 | |
nagios | nagios | 3.0 beta2 | |
nagios | nagios | 3.0 beta3 | |
nagios | nagios | 3.0 beta4 | |
nagios | nagios | 3.0 beta5 | |
nagios | nagios | 3.0 beta6 | |
nagios | nagios | 3.0 beta7 | |
nagios | nagios | 3.0 rc1 | |
nagios | nagios | 3.0 rc2 | |
nagios | nagios | 3.0 rc3 | |
nagios | nagios | 3.0.1 | |
nagios | nagios | 3.0.2 | |
nagios | nagios | 3.0.3 | |
nagios | nagios | 3.0.4 | |
nagios | nagios | 3.0.5 | |
nagios | nagios | 3.0.6 | |
nagios | nagios | 3.1.0 | |
nagios | nagios | 3.1.1 | |
nagios | nagios | 3.1.2 | |
nagios | nagios | 3.2.0 | |
nagios | nagios | 3.2.1 | |
nagios | nagios | 3.2.2 | |
nagios | nagios | 3.2.3 | |
nagios | nagios | 3.3.1 | |
nagios | nagios | 3.4.0 | |
nagios | nagios | 3.4.1 | |
nagios | nagios | 3.4.2 | |
icinga | icinga | 1.6.0 | |
icinga | icinga | 1.6.1 | |
icinga | icinga | 1.7.0 | |
icinga | icinga | 1.7.1 | |
icinga | icinga | 1.7.2 | |
icinga | icinga | 1.7.3 | |
icinga | icinga | 1.8.0 | |
icinga | icinga | 1.8.1 | |
icinga | icinga | 1.8.2 | |
icinga | icinga | 1.8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB2E98B5-7093-4713-BD68-4873F81937A2", "versionEndIncluding": "3.4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "690EA084-9E58-4226-B490-2969E6C6BEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "166D983D-2D1B-45D4-8ACF-68ED11BBF5BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "68D2FFFD-9A12-4230-90F6-AC5E3676FD04", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "21A1C2E3-9E5C-4F00-8393-33DAC6765332", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2C8C695-EBA7-4FD0-BBD0-F339757559EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:icinga:icinga:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "29CC0581-0AE1-43FE-8F98-CB2E7204A7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "246A0425-A4D6-478D-AADB-07A0D3610FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "01476892-42B5-44F6-91D2-8C9F680A2F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A830CEA4-06F7-46FB-8216-0D18796F7BF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB9B0C24-D65D-4406-B5F7-5EA60F701872", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "5260A6FA-C393-4AD5-B5C8-73616F21FEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"3C1DE372-E2A4-4C4B-B85C-104D84696090", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2B3410C-6FF8-4485-AC06-BBA15A4BC9E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27F6ACDE-05A0-4688-97FF-EB4C23E8F52D", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6333E91A-6315-437C-A600-0B824976FBB8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en la funci\u00f3n get_history en history.cgi en Nagios core anterior a v3.4.4, y Icinga v1.6.x anterior a v1.6.2, v1.7.x anterior a v1.7.4, y v1.8.x anterior a v1.8.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una variable (1) host_name de gran longitud o (2) de la variable svc_description." 
} ], "id": "CVE-2012-6096", "lastModified": "2024-11-21T01:45:48.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-22T23:55:03.247", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51863" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2616" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2653" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/24084" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/24159" }, { "source": "secalert@redhat.com", "url": "http://www.nagios.org/projects/nagioscore/history/core-3x" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/89170" }, { "source": 
"secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/56879" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893269" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/3532" }, { "source": "secalert@redhat.com", "url": "https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/24084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/24159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/projects/nagioscore/history/core-3x" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/89170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/56879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/3532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-06 18:29
Modified
2024-11-21 02:42
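Severity: CRITICAL (CVSS v3.0 base score 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2 (base score 7.5), per the NVD metrics in this record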
Summary
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1295446 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1295446 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F89339E6-5484-4D0F-B834-FDD743C094B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials." }, { "lang": "es", "value": "El paquete Fedora Nagios utiliza \"nagiosadmin\" como contrase\u00f1a predeterminada para la cuenta de administrador \"nagiosadmin\", lo que facilita a los atacantes remotos obtener acceso aprovechando el conocimiento de las credenciales." } ], "id": "CVE-2016-0726", "lastModified": "2024-11-21T02:42:15.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-06T18:29:00.277", "references": [ { "source": 
"secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-31 16:59
Modified
2024-11-21 02:55
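Severity: MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); MEDIUM under CVSS v2 (base score 4.3), per the NVD metrics in this record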
Summary
Cross-site scripting (XSS) vulnerability in Nagios.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2016/Jun/20 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1346217 | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Jun/20 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1346217 | Issue Tracking, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F89339E6-5484-4D0F-B834-FDD743C094B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios." }, { "lang": "es", "value": "Vulnerabilidad XSS en Nagios." } ], "id": "CVE-2016-6209", "lastModified": "2024-11-21T02:55:40.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-31T16:59:00.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/fulldisclosure/2016/Jun/20" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://seclists.org/fulldisclosure/2016/Jun/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-23 17:55
Modified
2024-11-21 01:55
Severity: MEDIUM (CVSS v2 base score 6.3, AV:L/AC:M/Au:N/C:N/I:C/A:C, per the NVD metrics in this record)
Summary
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "7145515E-18AD-4DB5-BA67-B9EEE29087D3", "versionEndIncluding": "3.5.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B555161-CF36-47FE-BDAA-C45E8C4B0E33", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache." }, { "lang": "es", "value": "rss-newsfeed.php en Nagios Core 3.4.4, 3.5.1, y anteriores versiones, cuando se establece MAGPIE_CACHE_ON en 1, permite a usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de un ataque symlink en /tmp/magpie_cache." 
} ], "evaluatorComment": "per http://rhn.redhat.com/errata/RHSA-2013-1526.html\n\n\u0027Affected Products: Red Hat OpenStack 3.0\u0027", "id": "CVE-2013-4214", "lastModified": "2024-11-21T01:55:08.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-11-23T17:55:03.430", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/61747" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002" }, { "source": "secalert@redhat.com", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-09 14:15
Modified
2024-11-21 05:02
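Severity: MEDIUM (CVSS v3.1 base score 4.9, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N); MEDIUM under CVSS v2 (base score 4.0), per the NVD metrics in this record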
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | 4.4.5 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "5FE9137F-A7A3-4327-86A7-D61BB30DC55F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408." }, { "lang": "es", "value": "Nagios versi\u00f3n 4.4.5, permite a un atacante, que presenta acceso administrativo, cambiar el ajuste de configuraci\u00f3n \"URL for JSON CGI\", para modificar el c\u00f3digo de Alert Histogram y Trends por medio de las versiones dise\u00f1adas de los archivos archivejson.cgi, objectjson.cgi y statusjson.cgi. 
NOTA: esta vulnerabilidad ha sido err\u00f3neamente asociada con CVE-2020-1408" } ], "id": "CVE-2020-13977", "lastModified": "2024-11-21T05:02:16.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-09T14:15:10.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-829" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-30 20:56
Modified
2024-11-21 00:52
Severity ?
Summary
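The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. The CPE configuration in this record also marks Nagios before 4.2.2 and WordPress before 2.6.3 as vulnerable, although neither is named in this summary.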
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
snoopy_project | snoopy | * | |
debian | debian_linux | 4.0 | |
debian | debian_linux | 5.0 | |
nagios | nagios | * | |
wordpress | wordpress | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:snoopy_project:snoopy:*:*:*:*:*:*:*:*", "matchCriteriaId": "41656D34-7042-48B9-9ADF-D58CA525087A", "versionEndIncluding": "1.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23B79AF-8C39-4188-B404-40AE46D4617B", "versionEndExcluding": "4.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "A88DFCEE-A687-4A3E-9912-76E45C8B3B7E", "versionEndExcluding": "2.6.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs." }, { "lang": "es", "value": "La funci\u00f3n _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posiblemente otros productos, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacar\u00e1cteres shell en URLs https." 
} ], "id": "CVE-2008-4796", "lastModified": "2024-11-21T00:52:35.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-30T20:56:54.770", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN20502807/index.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/32361" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1871" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/31887" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2901" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN20502807/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/32361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/31887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/2901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 05:36
Severity ?
Summary
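Nagios Log Server 2.1.3 has Incorrect Access Control. The summary does not identify the affected function; the record classifies the weakness as CWE-269, and its CPE entry is cpe:2.3:a:nagios:nagios:2.1.3 (the generic nagios product, not a Log Server-specific one), so CPE-based inventory matches for this record should be checked by hand.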
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "750FFD82-3737-458C-941C-5E2864DEFB76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 has Incorrect Access Control." }, { "lang": "es", "value": "Nagios Log Server versi\u00f3n 2.1.3, presenta un Control de Acceso Incorrecto." } ], "id": "CVE-2020-6584", "lastModified": "2024-11-21T05:36:00.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-16T16:15:14.313", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": 
"https://www.nagios.com/products/nagios-log-server/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.nagios.com/products/nagios-log-server/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-15 15:59
Modified
2024-11-21 02:43
Severity ?
Summary
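Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Note that the CPE configuration in this record stops at 4.2.4 (versionEndIncluding), so tools that match on CPE alone will not flag the later releases up to 4.3.2 that the description covers.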
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/12/30/6 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/95171 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/12/30/6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95171 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "46169755-05CD-4043-A730-5A4D2433D407", "versionEndIncluding": "4.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641." }, { "lang": "es", "value": "Nagios 4.3.2 y anteriores permite a los usuarios locales obtener privilegios root mediante un ataque de v\u00ednculo f\u00edsico en el archivo de script init de Nagios. Esta vulnerabilidad est\u00e1 relacionada con CVE-2016-8641." } ], "id": "CVE-2016-10089", "lastModified": "2024-11-21T02:43:16.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-15T15:59:00.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" 
], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95171" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-02 19:30
Modified
2024-11-21 00:56
Severity ?
Summary
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E3568E9-9239-4AD8-A5AC-0457918DD2AE", "versionEndIncluding": "3.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": 
"0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { 
"lang": "en", "value": "Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, \"adaptive external commands,\" and \"writing newlines and submitting service comments.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en Nagios versiones anteriores a v3.0.6 tiene un impacto no especificado y vectores de ataque remoto relacionados con los programas CGI, \"comandos de adaptaci\u00f3n externa\", e \"introducci\u00f3n de nuevas l\u00edneas y env\u00edo de comentarios de servicio\"." } ], "id": "CVE-2008-6373", "lastModified": "2024-11-21T00:56:22.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-02T19:30:00.360", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32909" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35002" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.nagios.org/news/#88" }, { 
"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32611" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.nagios.org/news/#88" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47081" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-15 16:08
Modified
2024-11-21 02:00
Severity ?
Summary
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3FCCE-CD72-42D2-9ED4-DE7E0F7D5770", "versionEndIncluding": "4.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "690EA084-9E58-4226-B490-2969E6C6BEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "166D983D-2D1B-45D4-8ACF-68ED11BBF5BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "68D2FFFD-9A12-4230-90F6-AC5E3676FD04", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "21A1C2E3-9E5C-4F00-8393-33DAC6765332", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2C8C695-EBA7-4FD0-BBD0-F339757559EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B06E7504-A5C5-42F3-B325-EE9905A9783A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4594D8DC-97C7-4D8A-8CF8-56BD11C85733", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD88897-2A40-4127-B8B6-A4DEAF4BE166", "versionEndIncluding": "1.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0166CAEF-0126-4B6E-BE57-5398375C17EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "11406052-8C4C-4CA4-9A73-82135D236741", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "29CC0581-0AE1-43FE-8F98-CB2E7204A7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.6.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "246A0425-A4D6-478D-AADB-07A0D3610FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D7488AD-C2CA-491E-B4E4-322A275EE13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "01476892-42B5-44F6-91D2-8C9F680A2F02", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A830CEA4-06F7-46FB-8216-0D18796F7BF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB9B0C24-D65D-4406-B5F7-5EA60F701872", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "5260A6FA-C393-4AD5-B5C8-73616F21FEA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "94C19BC7-55B5-4D0D-96CC-1C9C40F7829F", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1DE372-E2A4-4C4B-B85C-104D84696090", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2B3410C-6FF8-4485-AC06-BBA15A4BC9E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27F6ACDE-05A0-4688-97FF-EB4C23E8F52D", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "6333E91A-6315-437C-A600-0B824976FBB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8BCA88C-5AA9-4C0D-9FA3-80BA8FBBD521", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "821C9240-E41E-4BCC-910E-63304F8E3790", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADFD2677-6BF6-4985-B915-A9395B4A620E", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.9.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "FCF96645-E8B6-443A-8761-6F879042F689", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "21460019-53D0-440D-A0A6-4B778B478B4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:icinga:icinga:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "30895AD2-198A-4329-9987-347AABDD7C10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read." }, { "lang": "es", "value": "M\u00faltiples errores de superaci\u00f3n de l\u00edmite (off-by-one) en Nagios Core 3.5.1, 4.0.2 y anteriores, e Icinga anteriores a 1.8.5, 1.9 anteriores a 1.9.4 y 1.10 anteriores a 1.10.2 permite a usuarios autenticados remotamente obtener informaci\u00f3n sensible de procesos de memoria o causar denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una adena larga en el valor de la \u00faltima clave en la lista de variables de la funci\u00f3n process_cgivars en (1) avail.c, (2) cmd.c, (3) config.c, 84) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, y (11) trends.c en cgi/, lo cual lanza una sobre-lectura de buffer basado en memoria din\u00e1mica." 
} ], "id": "CVE-2013-7108", "lastModified": "2024-11-21T02:00:22.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-15T16:08:04.017", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55976" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56316" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/64363" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/5251" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": 
"cve@mitre.org", "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://dev.icinga.org/issues/5251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-31 16:59
Modified
2024-11-21 02:11
Severity ?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:snoopy:snoopy:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E13E52-C863-4679-9B96-476DD95B4FC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4E32CA-1439-4B07-BBB2-38DCD001BD6A", "versionEndIncluding": "4.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008." }, { "lang": "es", "value": "Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una correcci\u00f3n incompleta para CVE-2014-5008." 
} ], "id": "CVE-2014-5009", "lastModified": "2024-11-21T02:11:16.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-31T16:59:00.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" 
], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68783" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" 
], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-01 14:29
Modified
2024-11-21 02:59
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation vulnerability was found in Nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. A local attacker can create symbolic links before the files are created and possibly escalate privileges through the ownership change.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D960AF89-A2C5-4171-8E87-E3EABBE006B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D771D732-FF04-4B4B-AC59-0626BDD7216E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE63D733-D2C2-4468-ADE1-4F1ED33BEE76", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "259150A0-6283-4C6D-99E2-B6DD6110FE12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad de escalado de privilegios en nagios 4.2.x que ocurre en daemon-init.in al crear archivos necesarios y, posteriormente, cambiar de forma no segura la propiedad. Es posible que el atacante local cree v\u00ednculos simb\u00f3licos antes de que se creen los archivos y escale privilegios con el cambio de propiedad." 
} ], "id": "CVE-2016-8641", "lastModified": "2024-11-21T02:59:44.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-01T14:29:00.253", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95121" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" }, { "source": "secalert@redhat.com", 
"tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40774/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/40774/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-05 16:59
Modified
2024-11-21 02:10
Severity ?
Summary
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E012FD-A29D-4436-AE54-A0054F9431E7", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701." }, { "lang": "es", "value": "El plugin check_icmp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener informaci\u00f3n sensible de los ficheros de configuraciones INI a trav\u00e9s del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4701." } ], "id": "CVE-2014-4702", "lastModified": "2024-11-21T02:10:44.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-05T16:59:07.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58751" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61319" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68293" }, { "source": "cve@mitre.org", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-13 23:20
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | 1.0b1 | |
nagios | nagios | 1.0b2 | |
nagios | nagios | 1.0b3 | |
nagios | nagios | 1.0b4 | |
nagios | nagios | 1.0b5 | |
nagios | nagios | 1.0b6 | |
nagios | nagios | 1.1 | |
nagios | nagios | 1.2 | |
nagios | nagios | 1.3 | |
nagios | nagios | 1.4 | |
nagios | nagios | 1.4.1 | |
nagios | nagios | 2.0 | |
nagios | nagios | 2.0b1 | |
nagios | nagios | 2.0b2 | |
nagios | nagios | 2.0b3 | |
nagios | nagios | 2.0b4 | |
nagios | nagios | 2.0b5 | |
nagios | nagios | 2.0b6 | |
nagios | nagios | 2.0rc1 | |
nagios | nagios | 2.0rc2 | |
nagios | nagios | 2.1 | |
nagios | nagios | 2.2 | |
nagios | nagios | 2.3 | |
nagios | nagios | 2.3.1 | |
nagios | nagios | 2.4 | |
nagios | nagios | 2.5 | |
nagios | nagios | 2.7 | |
nagios | nagios | 2.8 | |
nagios | nagios | 2.9 | |
nagios | nagios | 2.10 | |
nagios | nagios | 2.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": 
"738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en programas CGI en Nagios versiones anteriores a 2.12, podr\u00edan permitir a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, un problema diferente de CVE-2007-5624 y CVE-2008-1360." 
} ], "id": "CVE-2007-5803", "lastModified": "2024-11-21T00:38:43.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-13T23:20:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30202" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30283" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29140" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1567/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30283" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1567/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42522" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-05 16:59
Modified
2024-11-21 02:10
Severity ?
Summary
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E012FD-A29D-4436-AE54-A0054F9431E7", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702." }, { "lang": "es", "value": "El plugin check_dhcp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener informaci\u00f3n sensible de los ficheros de configuraciones INI a trav\u00e9s del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4702." } ], "id": "CVE-2014-4701", "lastModified": "2024-11-21T02:10:44.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-05T16:59:05.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://legalhackers.com/advisories/nagios-check_dhcp.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://seclists.org/fulldisclosure/2014/May/74" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58751" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61319" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/33387" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67433" }, { "source": "cve@mitre.org", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://legalhackers.com/advisories/nagios-check_dhcp.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/May/74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/33387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-10 15:23
Modified
2024-11-21 00:53
Severity ?
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "286F0DB6-652E-4F1C-BB94-5D2F1C771697", "versionEndIncluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": 
"0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A9A803F-1AD0-4359-B08C-79A68818BCA3", "versionEndIncluding": "4.0.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:op5:monitor:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B40BB586-111A-427F-9B16-53423B0AD939", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "061C311A-ABC7-49CA-B2FC-021A5E003000", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "FF2D71BF-88DE-4963-9313-30BFEC24DB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3DA7FD7-C403-4086-AC2F-A51CE368FFF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4D52212-93AF-4397-B87B-7D778589F547", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B760C26C-40A8-43DD-ADEA-7E2F0C8443A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "30126655-10BC-4EBF-9D60-D97EBFC8C6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "516245EB-0DB3-48F0-917D-B93135C287BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BB3AA0C-8439-4B87-BC36-DBF0F2E4C794", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BA52C25-22A5-460F-82B8-E9CB6A3CF618", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon." 
}, { "lang": "es", "value": "El proceso Nagios en (1) Nagios anterior a v3.0.5 y (2) op5 Monitor anterior a v4.0.1 ; permite a usuarios autenticados en remoto evitar las comprobaciones de autorizaci\u00f3n y provocar la ejecuci\u00f3n de ficheros de su elecci\u00f3n por este proceso a trav\u00e9s de (a) un formulario personalizado o (b) un complemento para el navegador." } ], "id": "CVE-2008-5027", "lastModified": "2024-11-21T00:53:06.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-11-10T15:23:29.533", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35002" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, 
{ "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/32156" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-698-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "cve@mitre.org", "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" 
], "url": "http://www.securityfocus.com/bid/32156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-698-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ubuntu.com/usn/USN-698-3/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-01 13:00
Modified
2024-11-21 01:04
Severity ?
Summary
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | * (versions up to and including 3.1.0) | |
nagios | nagios | 1.0 | |
nagios | nagios | 1.0b1 | |
nagios | nagios | 1.0b2 | |
nagios | nagios | 1.0b4 | |
nagios | nagios | 1.1 | |
nagios | nagios | 1.4.1 | |
nagios | nagios | 2.0 | |
nagios | nagios | 2.0b4 | |
nagios | nagios | 2.7 | |
nagios | nagios | 2.10 | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0:alpha1 | |
nagios | nagios | 3.0:alpha2 | |
nagios | nagios | 3.0:alpha3 | |
nagios | nagios | 3.0:alpha4 | |
nagios | nagios | 3.0:beta1 | |
nagios | nagios | 3.0:beta2 | |
nagios | nagios | 3.0:beta3 | |
nagios | nagios | 3.0:beta4 | |
nagios | nagios | 3.0:beta5 | |
nagios | nagios | 3.0:beta6 | |
nagios | nagios | 3.0:beta7 | |
nagios | nagios | 3.0:rc1 | |
nagios | nagios | 3.0:rc2 | |
nagios | nagios | 3.0:rc3 | |
nagios | nagios | 3.0.1 | |
nagios | nagios | 3.0.2 | |
nagios | nagios | 3.0.3 | |
nagios | nagios | 3.0.4 | |
nagios | nagios | 3.0.5 | |
nagios | nagios | 3.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "19A78517-7672-4267-924E-1C18F41B10C9", "versionEndIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": 
"F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters." }, { "lang": "es", "value": "statuswml.cgi en Nagios v3.1.1, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres de consola en los par\u00e1metros (1) ping o (2) Traceroute." 
} ], "id": "CVE-2009-2288", "lastModified": "2024-11-21T01:04:31.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-01T13:00:01.827", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35543" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35688" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35692" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39227" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://tracker.nagios.org/view.php?id=15" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1825" }, { "source": "cve@mitre.org", "url": "http://www.nagios.org/development/history/core-3x/" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022503" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-795-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://tracker.nagios.org/view.php?id=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/development/history/core-3x/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-795-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0750" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-15 22:59
Modified
2024-11-21 03:01
Severity ?
Summary
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2, might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "61838238-588B-48A8-879C-DE0F84E47967", "versionEndIncluding": "4.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796." }, { "lang": "es", "value": "MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podr\u00eda permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentaci\u00f3n Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparaci\u00f3n de CVE-2008-4796." } ], "id": "CVE-2016-9565", "lastModified": "2024-11-21T03:01:24.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-15T22:59:00.460", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/57" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94922" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037488" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201710-20" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40920/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201710-20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40920/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-31 16:59
Modified
2024-11-21 00:58
Severity ?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:snoopy:snoopy:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0E13E52-C863-4679-9B96-476DD95B4FC2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4E32CA-1439-4B07-BBB2-38DCD001BD6A", "versionEndIncluding": "4.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796." }, { "lang": "es", "value": "La funci\u00f3n _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2008-4796." 
} ], "id": "CVE-2008-7313", "lastModified": "2024-11-21T00:58:48.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-31T16:59:00.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68776" }, { "source": 
"cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68776" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-05 16:59
Modified
2024-11-21 02:10
Severity ?
Summary
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F8081639-4F7A-498D-97CE-8E700C29E441", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701." }, { "lang": "es", "value": "lib/parse_ini.c en Nagios Plugins 2.0.2 permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de un ataque de enlace simb\u00f3lico en el ficheros de configuraciones en el indicador extra-opts. NOTA:esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-4701." } ], "id": "CVE-2014-4703", "lastModified": "2024-11-21T02:10:45.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-05T16:59:08.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/141" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76810" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76810" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-16 16:15
Modified
2024-11-21 05:36
Severity ?
Summary
Nagios Log Server 2.1.3 has a cross-site request forgery (CSRF) vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "750FFD82-3737-458C-941C-5E2864DEFB76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 has CSRF." }, { "lang": "es", "value": "Nagios Log Server versi\u00f3n 2.1.3, presenta una vulnerabilidad de tipo CSRF." } ], "id": "CVE-2020-6585", "lastModified": "2024-11-21T05:36:00.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-16T16:15:14.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": 
"https://www.nagios.com/products/nagios-log-server/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.nagios.com/products/nagios-log-server/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-10 15:23
Modified
2024-11-21 00:53
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "286F0DB6-652E-4F1C-BB94-5D2F1C771697", "versionEndIncluding": "3.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*", "matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*", "matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*", "matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": 
"0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A9A803F-1AD0-4359-B08C-79A68818BCA3", "versionEndIncluding": "4.0.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:op5:monitor:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B40BB586-111A-427F-9B16-53423B0AD939", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "061C311A-ABC7-49CA-B2FC-021A5E003000", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "FF2D71BF-88DE-4963-9313-30BFEC24DB37", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3DA7FD7-C403-4086-AC2F-A51CE368FFF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4D52212-93AF-4397-B87B-7D778589F547", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B760C26C-40A8-43DD-ADEA-7E2F0C8443A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "30126655-10BC-4EBF-9D60-D97EBFC8C6DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "516245EB-0DB3-48F0-917D-B93135C287BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BB3AA0C-8439-4B87-BC36-DBF0F2E4C794", "vulnerable": true }, { "criteria": "cpe:2.3:a:op5:monitor:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6BA52C25-22A5-460F-82B8-E9CB6A3CF618", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests." 
}, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en cmd.cgi en (1) Nagios 3.0.5 y (2) op5 Monitor antes de v4.0.1 permite a atacantes remotos enviar comandos al proceso Nagios y dispara la ejecuci\u00f3n de programas de su elecci\u00f3n por este proceso, mediante peticiones HTTP no especificadas." } ], "id": "CVE-2008-5028", "lastModified": "2024-11-21T00:53:06.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-10T15:23:29.563", "references": [ { "source": "cve@mitre.org", "url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/49678" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32610" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32630" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33320" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35002" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521" }, { "source": "cve@mitre.org", "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/49678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ubuntu.com/usn/USN-698-3/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-15 16:08
Modified
2024-11-21 02:00
Severity ?
Summary
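Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. (Note: the CVSS v2 vector in the record below, AV:N/AC:L/Au:N/C:P/I:N/A:P, scores this issue as requiring no authentication, while this description says "remote authenticated users"; the page does not resolve the difference, so check the linked advisories before relying on authentication as a mitigating factor.)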
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | * | |
nagios | nagios | 3.0 | |
nagios | nagios | 3.0 | alpha1 |
nagios | nagios | 3.0 | alpha2 |
nagios | nagios | 3.0 | alpha3 |
nagios | nagios | 3.0 | alpha4 |
nagios | nagios | 3.0 | alpha5 |
nagios | nagios | 3.0 | beta1 |
nagios | nagios | 3.0 | beta2 |
nagios | nagios | 3.0 | beta3 |
nagios | nagios | 3.0 | beta4 |
nagios | nagios | 3.0 | beta5 |
nagios | nagios | 3.0 | beta6 |
nagios | nagios | 3.0 | beta7 |
nagios | nagios | 3.0 | rc1 |
nagios | nagios | 3.0 | rc2 |
nagios | nagios | 3.0 | rc3 |
nagios | nagios | 3.0.1 | |
nagios | nagios | 3.0.2 | |
nagios | nagios | 3.0.3 | |
nagios | nagios | 3.0.4 | |
nagios | nagios | 3.0.5 | |
nagios | nagios | 3.0.6 | |
nagios | nagios | 3.1.0 | |
nagios | nagios | 3.1.1 | |
nagios | nagios | 3.1.2 | |
nagios | nagios | 3.2.0 | |
nagios | nagios | 3.2.1 | |
nagios | nagios | 3.2.2 | |
nagios | nagios | 3.2.3 | |
nagios | nagios | 3.3.1 | |
nagios | nagios | 3.4.0 | |
nagios | nagios | 3.4.1 | |
nagios | nagios | 3.4.2 | |
nagios | nagios | 3.4.3 | |
nagios | nagios | 3.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6B3FCCE-CD72-42D2-9ED4-DE7E0F7D5770", "versionEndIncluding": "4.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "690EA084-9E58-4226-B490-2969E6C6BEBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B831C72-C932-4B8C-8B16-C3BC2672AF98", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC5BB3C9-BBC6-43D8-830A-38020F50B148", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BC9E1C24-9907-44F4-9166-5C679F05DF12", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8BE6777-6CA9-443E-A2A5-CCD3ED7EAECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F8F3B76-7443-437E-B908-95D0EF0214C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF23E8B9-6F07-471A-8332-E6B35DFCE37A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4EEFF0B7-60B4-4022-9EF5-101B707BAC6C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nagios:nagios:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BC14996-78F9-4A95-9750-1229E57C19C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C3195A-7B72-45BA-8F83-6B0FE00D3B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "166D983D-2D1B-45D4-8ACF-68ED11BBF5BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "68D2FFFD-9A12-4230-90F6-AC5E3676FD04", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "21A1C2E3-9E5C-4F00-8393-33DAC6765332", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F2C8C695-EBA7-4FD0-BBD0-F339757559EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B06E7504-A5C5-42F3-B325-EE9905A9783A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4594D8DC-97C7-4D8A-8CF8-56BD11C85733", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read." 
}, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n process_cgivars en contrib/daemonchk.c en Nagios Core 3.5.1, 4.0.2 y anteriores, permite a usuarios autenticados remotamente obtener informaci\u00f3n sensible desde procesos de memoria o causar denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de cadenas largas en el valor de la \u00faltima clave en la lista de variables, lo cual lanza una sobre-lectura de buffer basada en memoria din\u00e1mica." } ], "id": "CVE-2013-7205", "lastModified": "2024-11-21T02:00:29.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-15T16:08:04.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55976" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/64489" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55976" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-19 23:02
Modified
2024-11-21 00:11
Severity ?
Summary
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nagios | nagios | 1.0 | |
nagios | nagios | 1.0b1 | |
nagios | nagios | 1.0b2 | |
nagios | nagios | 1.0b3 | |
nagios | nagios | 1.0b4 | |
nagios | nagios | 1.0b5 | |
nagios | nagios | 1.0b6 | |
nagios | nagios | 1.1 | |
nagios | nagios | 1.2 | |
nagios | nagios | 1.3 | |
nagios | nagios | 1.4 | |
nagios | nagios | 2.0 | |
nagios | nagios | 2.0b1 | |
nagios | nagios | 2.0b2 | |
nagios | nagios | 2.0b3 | |
nagios | nagios | 2.0b4 | |
nagios | nagios | 2.0b5 | |
nagios | nagios | 2.0b6 | |
nagios | nagios | 2.0rc1 | |
nagios | nagios | 2.0rc2 | |
nagios | nagios | 2.1 | |
nagios | nagios | 2.2 | |
nagios | nagios | 2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5911624-5BD8-4A40-B417-FCD926D352BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": 
"738DF14D-A716-46F0-87AC-2DB2F1E44594", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162." 
} ], "id": "CVE-2006-2489", "lastModified": "2024-11-21T00:11:25.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-19T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20123" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20247" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/20313" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1072" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.nagios.org/development/changelog.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18059" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1822" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26454" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/287-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20247" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2006/dsa-1072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/development/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/287-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-17 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7ADCBA8C-06DB-4D85-AEED-807E64A29DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios versiones anteriores a la 2.11, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores desconocidos a secuencias de comandos CGI, un problema diferente al de la CVE-2007-5624." 
} ], "id": "CVE-2008-1360", "lastModified": "2024-11-21T00:44:21.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-17T17:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29363" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "source": "cve@mitre.org", "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28250" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0900/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0900/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-23 16:46
Modified
2024-11-21 00:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB7BB016-A8F9-4ABE-AF41-99816B37575C", "versionEndIncluding": "2.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios 2.x anterior a 2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores desconocidos a secuecias de comandos CGI no especificadas." } ], "id": "CVE-2007-5624", "lastModified": "2024-11-21T00:38:20.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-10-23T16:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27316" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27980" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://www.nagios.org/development/changelog.php#2x_branch" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26152" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3567" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-6585
Vulnerability from cvelistv5
Published
2020-03-16 15:31
Modified
2024-08-04 09:11
Severity ?
EPSS score ?
Summary
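Nagios Log Server 2.1.3 has a cross-site request forgery (CSRF) vulnerability. The CNA record below lists vendor, product and version as "n/a", so the affected version appears only in this description and tooling that matches on the structured "affected" fields will not associate the CVE with Nagios Log Server.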
References
▼ | URL | Tags |
---|---|---|
https://www.nagios.com/products/nagios-log-server/ | x_refsource_MISC | |
https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60 | x_refsource_MISC | |
https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:11:04.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 has CSRF." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:34:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-6585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios Log Server 2.1.3 has CSRF." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.nagios.com/products/nagios-log-server/", "refsource": "MISC", "url": "https://www.nagios.com/products/nagios-log-server/" }, { "name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60", "refsource": "MISC", "url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT", "refsource": "MISC", "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-6585", "datePublished": "2020-03-16T15:31:53", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T09:11:04.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13441
Vulnerability from cvelistv5
Published
2018-07-12 18:00
Modified
2024-08-05 09:00
Severity ?
EPSS score ?
Summary
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
URL | Tags | |
---|---|---|
https://knowledge.opsview.com/v5.4/docs/whats-new | x_refsource_CONFIRM | |
https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8 | x_refsource_MISC | |
https://www.exploit-db.com/exploits/45082/ | exploit, x_refsource_EXPLOIT-DB | |
https://knowledge.opsview.com/v5.3/docs/whats-new | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8" }, { "name": "45082", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45082/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" }, { "name": "openSUSE-SU-2020:0500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-14T20:06:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8" }, { "name": "45082", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45082/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" }, { "name": "openSUSE-SU-2020:0500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://knowledge.opsview.com/v5.4/docs/whats-new", "refsource": "CONFIRM", "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" }, { "name": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8", "refsource": "MISC", "url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8" }, { "name": "45082", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45082/" }, { "name": "https://knowledge.opsview.com/v5.3/docs/whats-new", "refsource": "CONFIRM", "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" }, { "name": "openSUSE-SU-2020:0500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13441", "datePublished": "2018-07-12T18:00:00", "dateReserved": "2018-07-08T00:00:00", "dateUpdated": "2024-08-05T09:00:35.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1360
Vulnerability from cvelistv5
Published
2008-03-17 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2008/0900/references | vdb-entry, x_refsource_VUPEN | |
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html | vendor-advisory, x_refsource_SUSE | |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/29363 | third-party-advisory, x_refsource_SECUNIA | |
http://www.nagios.org/development/changelog.php#2x_branch | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41210 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/28250 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:17:34.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-0900", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0900/references" }, { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "MDVSA-2008:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "name": "29363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29363" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-unspecified-xss(41210)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210" }, { "name": "28250", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28250" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-0900", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0900/references" }, { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "MDVSA-2008:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "name": "29363", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29363" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-unspecified-xss(41210)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210" }, { "name": "28250", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28250" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-0900", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0900/references" }, { "name": "SUSE-SR:2008:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "MDVSA-2008:067", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "name": "29363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29363" }, { "name": "http://www.nagios.org/development/changelog.php#2x_branch", "refsource": "CONFIRM", "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-unspecified-xss(41210)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41210" }, { "name": "28250", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28250" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1360", "datePublished": "2008-03-17T17:00:00", "dateReserved": "2008-03-17T00:00:00", "dateUpdated": "2024-08-07T08:17:34.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6373
Vulnerability from cvelistv5
Published
2009-03-02 19:00
Modified
2024-08-07 11:27
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
References
URL | Tags | |
---|---|---|
http://security.gentoo.org/glsa/glsa-200907-15.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.nagios.org/news/#88 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1022165 | vdb-entry, x_refsource_SECTRACK | |
http://marc.info/?l=bugtraq&m=124156641928637&w=2 | vendor-advisory, x_refsource_HP | |
http://www.nagios.org/development/history/nagios-3x.php | x_refsource_CONFIRM | |
http://secunia.com/advisories/32909 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=bugtraq&m=124156641928637&w=2 | vendor-advisory, x_refsource_HP | |
http://www.vupen.com/english/advisories/2009/1256 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/47081 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/35002 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/32611 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:27:35.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/news/#88" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "32909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32909" }, { "name": "HPSBMA02419", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "nagios-cgis-unspecified(47081)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47081" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35002" }, { "name": "32611", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32611" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-01T00:00:00", "descriptions": [ { "lang": 
"en", "value": "Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, \"adaptive external commands,\" and \"writing newlines and submitting service comments.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/news/#88" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "32909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32909" }, { "name": "HPSBMA02419", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "nagios-cgis-unspecified(47081)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47081" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35002" }, { "name": "32611", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32611" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6373", "STATE": "PUBLIC" 
}, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, \"adaptive external commands,\" and \"writing newlines and submitting service comments.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200907-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "http://www.nagios.org/news/#88", "refsource": "CONFIRM", "url": "http://www.nagios.org/news/#88" }, { "name": "1022165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022165" }, { "name": "SSRT090060", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "http://www.nagios.org/development/history/nagios-3x.php", "refsource": "CONFIRM", "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "32909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32909" }, { "name": "HPSBMA02419", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "nagios-cgis-unspecified(47081)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47081" }, { "name": "35002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35002" }, { "name": "32611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32611" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6373", "datePublished": "2009-03-02T19:00:00", "dateReserved": "2009-03-02T00:00:00", "dateUpdated": "2024-08-07T11:27:35.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9565
Vulnerability from cvelistv5
Published
2016-12-15 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2, might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:50:38.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" }, { "name": "1037488", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037488" }, { "name": "94922", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94922" }, { "name": "RHSA-2017:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/57" }, { "name": "40920", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40920/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-24T00:00:00", "descriptions": [ { "lang": "en", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" }, { "name": "1037488", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037488" }, { "name": "94922", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94922" }, { "name": "RHSA-2017:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/57" }, { "name": "40920", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40920/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": 
"https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201710-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded" }, { "name": "1037488", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037488" }, { "name": "94922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94922" }, { "name": "RHSA-2017:0258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "RHSA-2017:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html" }, { "name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Dec/57" }, { "name": "40920", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40920/" }, { "name": "https://www.nagios.org/projects/nagios-core/history/4x/", "refsource": "CONFIRM", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "name": 
"https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html", "refsource": "MISC", "url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html" }, { "name": "RHSA-2017:0214", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9565", "datePublished": "2016-12-15T22:00:00", "dateReserved": "2016-11-22T00:00:00", "dateUpdated": "2024-08-06T02:50:38.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6209
Vulnerability from cvelistv5
Published
2017-03-31 15:00
Modified
2024-08-06 01:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Nagios.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1346217 | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2016/Jun/20 | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217" }, { "name": "20160609 nagios phishing vector \u0026 xss", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Jun/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-31T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217" }, { "name": "20160609 nagios phishing vector \u0026 xss", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Jun/20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6209", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Nagios." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217" }, { "name": "20160609 nagios phishing vector \u0026 xss", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Jun/20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6209", "datePublished": "2017-03-31T15:00:00", "dateReserved": "2016-07-13T00:00:00", "dateUpdated": "2024-08-06T01:22:20.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2179
Vulnerability from cvelistv5
Published
2011-06-14 17:00
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20110601 Cross-Site Scripting vulnerability in Nagios", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html" }, { "name": "icinga-expand-xss(67797)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797" }, { "name": "8274", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8274" }, { "name": "48087", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48087" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.nagios.org/view.php?id=224" }, { "name": "[oss-security] 20110601 CVE request: XSS in nagios", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt" }, { "name": "[oss-security] 20110602 Re: CVE request: XSS in nagios", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dev.icinga.org/issues/1605" }, { "name": "44974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44974" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt" }, { "name": "USN-1151-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "name": "20110601 Cross-Site Scripting vulnerability in Icinga", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20110601 Cross-Site Scripting vulnerability in Nagios", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html" }, { "name": "icinga-expand-xss(67797)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797" }, { "name": "8274", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8274" }, { "name": "48087", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48087" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.nagios.org/view.php?id=224" }, { "name": "[oss-security] 20110601 CVE request: XSS in nagios", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://www.openwall.com/lists/oss-security/2011/06/01/10" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt" }, { "name": "[oss-security] 20110602 Re: CVE request: XSS in nagios", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dev.icinga.org/issues/1605" }, { "name": "44974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44974" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt" }, { "name": "USN-1151-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "name": "20110601 Cross-Site Scripting vulnerability in Icinga", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2179", "datePublished": "2011-06-14T17:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1878
Vulnerability from cvelistv5
Published
2014-02-28 15:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
References
URL | Tags |
---|---|
http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html | vendor-advisory, x_refsource_SUSE |
https://dev.icinga.org/issues/5434 | x_refsource_CONFIRM |
https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6 | x_refsource_CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=1066578 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/65605 | vdb-entry, x_refsource_BID |
https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html | mailing-list, x_refsource_MLIST |
http://secunia.com/advisories/57024 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2014:0516", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dev.icinga.org/issues/5434" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" }, { "name": "65605", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65605" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "57024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-25T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2014:0516", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dev.icinga.org/issues/5434" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" }, { "name": "65605", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65605" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "57024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57024" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2014:0516", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html" }, { "name": "https://dev.icinga.org/issues/5434", "refsource": "CONFIRM", "url": "https://dev.icinga.org/issues/5434" }, { "name": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6", "refsource": "CONFIRM", "url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578" }, { "name": "65605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65605" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "57024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57024" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1878", "datePublished": "2014-02-28T15:00:00", "dateReserved": "2014-02-06T00:00:00", "dateUpdated": "2024-08-06T09:58:16.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-6586
Vulnerability from cvelistv5
Published
2020-03-16 15:30
Modified
2024-08-04 09:11
Severity ?
EPSS score ?
Summary
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in their Name field. When any admin views the /admin/users page, the XSS is triggered.
References
URL | Tags |
---|---|
https://www.nagios.com/products/nagios-log-server/ | x_refsource_MISC |
https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60 | x_refsource_MISC |
https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:11:04.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:34:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-6586", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.nagios.com/products/nagios-log-server/", "refsource": "MISC", "url": "https://www.nagios.com/products/nagios-log-server/" }, { "name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60", "refsource": "MISC", "url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT", "refsource": "MISC", "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-6586", "datePublished": "2020-03-16T15:30:57", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T09:11:04.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12847
Vulnerability from cvelistv5
Published
2017-08-23 21:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
References
URL | Tags |
---|---|
https://security.gentoo.org/glsa/201710-20 | vendor-advisory, x_refsource_GENTOO |
https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb | x_refsource_CONFIRM |
https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752 | x_refsource_CONFIRM |
https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/100403 | vdb-entry, x_refsource_BID |
https://github.com/NagiosEnterprises/nagioscore/issues/404 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" }, { "name": "100403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/issues/404" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" }, { "name": "100403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/issues/404" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201710-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb", "refsource": "CONFIRM", "url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb" }, { "name": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752", "refsource": "CONFIRM", "url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752" }, { "name": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog", "refsource": "CONFIRM", "url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog" }, { "name": "100403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100403" }, { "name": "https://github.com/NagiosEnterprises/nagioscore/issues/404", "refsource": "CONFIRM", "url": "https://github.com/NagiosEnterprises/nagioscore/issues/404" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12847", "datePublished": "2017-08-23T21:00:00", "dateReserved": "2017-08-14T00:00:00", "dateUpdated": "2024-08-05T18:51:06.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10089
Vulnerability from cvelistv5
Published
2017-02-15 15:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/95171 | vdb-entry, x_refsource_BID |
http://www.openwall.com/lists/oss-security/2016/12/30/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95171" }, { "name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-22T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95171" }, { "name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/30/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios 4.3.2 and earlier allows 
local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95171" }, { "name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/30/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10089", "datePublished": "2017-02-15T15:00:00", "dateReserved": "2016-12-30T00:00:00", "dateUpdated": "2024-08-06T03:07:32.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5028
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:40:16.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "nagios-cmd-csrf(46426)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426" }, { "name": "[nagios-devel] 20081107 Security fixes completed", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "op5monitor-unspecified-csrf(46521)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "33320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33320" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "32610", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32610" }, { "name": "32630", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32630" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35002" }, { "name": "49678", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/49678" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "nagios-cmd-csrf(46426)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426" }, { "name": "[nagios-devel] 20081107 Security fixes completed", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "op5monitor-unspecified-csrf(46521)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "33320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33320" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "32610", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32610" }, { "name": "32630", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32630" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35002" }, { "name": "49678", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/49678" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "nagios-cmd-csrf(46426)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426" }, { "name": "[nagios-devel] 20081107 Security fixes completed", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "op5monitor-unspecified-csrf(46521)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521" }, { "name": "GLSA-200907-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "33320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33320" }, { "name": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18", "refsource": "CONFIRM", "url": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "1022165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor", "refsource": "CONFIRM", "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", 
"refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "32610", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32610" }, { "name": "32630", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32630" }, { "name": "35002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35002" }, { "name": "49678", "refsource": "OSVDB", "url": "http://osvdb.org/49678" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5028", "datePublished": "2008-11-10T15:00:00", "dateReserved": "2008-11-10T00:00:00", "dateUpdated": "2024-08-07T10:40:16.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8641
Vulnerability from cvelistv5
Published
2018-08-01 14:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It is possible for a local attacker to create symbolic links before the files are created, and possibly to escalate privileges through the subsequent ownership change.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/40774/ | exploit, x_refsource_EXPLOIT-DB | |
https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95121 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201702-26 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version |
---|---|---|
Nagios Enterprises | nagios | 4.2.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:27:41.284Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40774/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" }, { "name": "95121", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95121" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-26" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nagios", "vendor": "Nagios Enterprises", "versions": [ { "status": "affected", "version": "4.2.x" } ] } ], "datePublic": "2016-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-02T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "40774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40774/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641" }, { "name": "95121", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95121" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-26" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8641", "datePublished": "2018-08-01T14:00:00", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:41.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3698
Vulnerability from cvelistv5
Published
2020-02-28 13:20
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause a DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html | vendor-advisory, x_refsource_SUSE | |
https://bugzilla.suse.com/show_bug.cgi?id=1156309 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
SUSE | SUSE Linux Enterprise Server 12 | nagios <= 3.5.1-5.27 |
SUSE | SUSE Linux Enterprise Server 11 | nagios <= 3.0.6-1.25.36.3.1 |
openSUSE | Factory | nagios <= 4.4.5-2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:17.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2020:0500", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise Server 12", "vendor": "SUSE", "versions": [ { "lessThanOrEqual": "3.5.1-5.27", "status": "affected", "version": "nagios", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 11", "vendor": "SUSE", "versions": [ { "lessThanOrEqual": "3.0.6-1.25.36.3.1", "status": "affected", "version": "nagios", "versionType": "custom" } ] }, { "product": "Factory", "vendor": "openSUSE", "versions": [ { "lessThanOrEqual": "4.4.5-2.1", "status": "affected", "version": "nagios", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Matthias Gerstner" } ], "datePublic": "2020-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-20T15:45:08", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "name": "openSUSE-SU-2020:0500", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309", "defect": [ "1156309" ], "discovery": "INTERNAL" }, "title": "nagios cron job allows privilege escalation from user nagios to root", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-02-28T00:00:00.000Z", "ID": "CVE-2019-3698", "STATE": "PUBLIC", "TITLE": "nagios cron job allows privilege escalation from user nagios to root" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SUSE Linux Enterprise Server 12", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "nagios", "version_value": "3.5.1-5.27" } ] } }, { "product_name": "SUSE Linux Enterprise Server 11", "version": { 
"version_data": [ { "version_affected": "\u003c=", "version_name": "nagios", "version_value": "3.0.6-1.25.36.3.1" } ] } } ] }, "vendor_name": "SUSE" }, { "product": { "product_data": [ { "product_name": "Factory", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "nagios", "version_value": "4.4.5-2.1" } ] } } ] }, "vendor_name": "openSUSE" } ] } }, "credit": [ { "lang": "eng", "value": "Matthias Gerstner" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:0500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html" }, { "name": "openSUSE-SU-2020:0517", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1156309", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309" } ] }, "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309", "defect": [ "1156309" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-3698", "datePublished": "2020-02-28T13:20:14.152354Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-16T16:33:41.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7313
Vulnerability from cvelistv5
Published
2017-03-31 15:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:03:37.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "name": "68776", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68776" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "name": "snoopy-cve20087313-command-exec(94737)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-31T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "name": "68776", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68776" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "name": "snoopy-cve20087313-command-exec(94737)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "name": "68776", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68776" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "name": "snoopy-cve20087313-command-exec(94737)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737" }, { "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", "refsource": "MISC", "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0213", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "RHSA-2017:0211", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html" }, { "name": "RHSA-2017:0212", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27", "refsource": "CONFIRM", "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "name": "GLSA-201702-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "RHSA-2017:0214", "refsource": "REDHAT", "url": 
"https://rhn.redhat.com/errata/RHSA-2017-0214.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7313", "datePublished": "2017-03-31T15:00:00", "dateReserved": "2014-07-18T00:00:00", "dateUpdated": "2024-08-07T12:03:37.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4701
Vulnerability from cvelistv5
Published
2014-12-05 16:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
References
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/33387 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/61319 | third-party-advisory, x_refsource_SECUNIA | |
http://seclists.org/fulldisclosure/2014/May/74 | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/bid/67433 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/58751 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2014/06/30/6 | mailing-list, x_refsource_MLIST | |
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins | x_refsource_CONFIRM | |
http://legalhackers.com/advisories/nagios-check_dhcp.txt | x_refsource_MISC | |
https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "33387", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/33387" }, { "name": "61319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61319" }, { "name": "20140516 check_dhcp - Nagios Plugins \u003c= 2.0.1 Arbitrary Option File Read", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/May/74" }, { "name": "67433", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67433" }, { "name": "58751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58751" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://legalhackers.com/advisories/nagios-check_dhcp.txt" }, { "name": "SUSE-SU-2014:1352", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-15T00:00:00", 
"descriptions": [ { "lang": "en", "value": "The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "33387", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/33387" }, { "name": "61319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61319" }, { "name": "20140516 check_dhcp - Nagios Plugins \u003c= 2.0.1 Arbitrary Option File Read", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/May/74" }, { "name": "67433", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67433" }, { "name": "58751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58751" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "tags": [ "x_refsource_MISC" ], "url": "http://legalhackers.com/advisories/nagios-check_dhcp.txt" }, { "name": "SUSE-SU-2014:1352", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "33387", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33387" }, { "name": "61319", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61319" }, { "name": "20140516 check_dhcp - Nagios Plugins \u003c= 2.0.1 Arbitrary Option File Read", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/May/74" }, { "name": "67433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67433" }, { "name": "58751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58751" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "name": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins", "refsource": "CONFIRM", "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "name": 
"http://legalhackers.com/advisories/nagios-check_dhcp.txt", "refsource": "MISC", "url": "http://legalhackers.com/advisories/nagios-check_dhcp.txt" }, { "name": "SUSE-SU-2014:1352", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4701", "datePublished": "2014-12-05T16:00:00", "dateReserved": "2014-06-30T00:00:00", "dateUpdated": "2024-08-06T11:27:36.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5027
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via (a) a custom form or (b) a browser addon.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:40:17.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[nagios-devel] 20081107 Security fixes completed", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "ADV-2008-3364", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "33320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33320" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "32156", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32156" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", 
"x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "USN-698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-698-1" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[nagios-devel] 20081107 Security fixes completed", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "ADV-2008-3364", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "33320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33320" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "32156", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32156" }, { "name": "1022165", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "tags": [ 
"vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "USN-698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-698-1" }, { "name": "35002", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35002" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[nagios-devel] 20081107 Security fixes completed", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel" }, { "name": "ADV-2008-3364", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "name": "GLSA-200907-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "http://www.nagios.org/development/history/nagios-3x.php", "refsource": "MISC", "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "33320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33320" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "32156", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32156" }, { "name": "1022165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor", "refsource": "CONFIRM", "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "HPSBMA02419", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2" }, { "name": "ADV-2009-1256", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "USN-698-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-698-1" }, { "name": "35002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35002" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5027", "datePublished": "2008-11-10T15:00:00", "dateReserved": "2008-11-10T00:00:00", "dateUpdated": "2024-08-07T10:40:17.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5009
Vulnerability from cvelistv5
Published
2017-03-31 15:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:37.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "68783", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68783" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" }, { "name": "snoopy-cve20145009-command-exec(94738)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "68783", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68783" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" }, { "name": "snoopy-cve20145009-command-exec(94738)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5009", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/09/11" }, { "name": "68783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68783" }, { "name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/18/2" }, { "name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29", "refsource": "CONFIRM", "url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29" }, { "name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/16/10" }, { "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264", "refsource": "MISC", "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264" }, { "name": "RHSA-2017:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497" }, { "name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706", "refsource": "MISC", "url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706" }, { "name": "snoopy-cve20145009-command-exec(94738)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738" }, { "name": "RHSA-2017:0214", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { 
"name": "RHSA-2017:0211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5009", "datePublished": "2017-03-31T15:00:00", "dateReserved": "2014-07-18T00:00:00", "dateUpdated": "2024-08-06T11:34:37.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9566
Vulnerability from cvelistv5
Published
2016-12-15 22:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:50:38.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "40921", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40921/" }, { "name": "94919", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94919" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4" }, { "name": "RHSA-2017:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "GLSA-201612-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-51" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "RHSA-2017:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "name": "1037487", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037487" }, { "name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/58" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-25T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201710-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "40921", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40921/" }, { "name": "94919", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94919" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4" }, { "name": "RHSA-2017:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "GLSA-201612-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-51" }, { "name": "RHSA-2017:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "RHSA-2017:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "name": "1037487", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037487" }, { "name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2016/Dec/58" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869" }, { "tags": [ "x_refsource_MISC" ], "url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html" }, { "name": "RHSA-2017:0214", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201710-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-20" }, { "name": "40921", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40921/" }, { "name": "94919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94919" }, { "name": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4", "refsource": "CONFIRM", "url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4" }, { "name": "RHSA-2017:0258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html" }, { "name": "GLSA-201612-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-51" }, { "name": "RHSA-2017:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html" }, { "name": "RHSA-2017:0213", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html" }, { "name": "https://www.nagios.org/projects/nagios-core/history/4x/", "refsource": "CONFIRM", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "RHSA-2017:0259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html" }, { "name": "1037487", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037487" }, { "name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Dec/58" }, { "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1402869", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869" }, { "name": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html", "refsource": "MISC", "url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html" }, { "name": "RHSA-2017:0214", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html" }, { "name": "RHSA-2017:0211", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9566", "datePublished": "2016-12-15T22:00:00", "dateReserved": "2016-11-22T00:00:00", "dateUpdated": "2024-08-06T02:50:38.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7108
Vulnerability from cvelistv5
Published
2014-01-14 18:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:19.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2014:004", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "name": "openSUSE-SU-2014:0069", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "56316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56316" }, { "name": "openSUSE-SU-2014:0097", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dev.icinga.org/issues/5251" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55976" }, { "name": "64363", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/64363" }, { "name": "openSUSE-SU-2014:0016", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" }, { "name": "openSUSE-SU-2014:0039", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-25T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2014:004", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "name": "openSUSE-SU-2014:0069", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "56316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56316" }, { "name": "openSUSE-SU-2014:0097", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dev.icinga.org/issues/5251" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55976" }, { "name": "64363", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64363" }, { "name": "openSUSE-SU-2014:0016", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" }, { "name": "openSUSE-SU-2014:0039", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2014:004", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "name": "openSUSE-SU-2014:0069", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html" }, { "name": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "56316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56316" }, { "name": "openSUSE-SU-2014:0097", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00068.html" }, { "name": "https://dev.icinga.org/issues/5251", "refsource": "CONFIRM", "url": "https://dev.icinga.org/issues/5251" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/", "refsource": "CONFIRM", "url": "https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55976" }, { "name": "64363", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64363" }, { "name": "openSUSE-SU-2014:0016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html" }, { "name": "openSUSE-SU-2014:0039", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7108", "datePublished": "2014-01-14T18:00:00", "dateReserved": "2013-12-15T00:00:00", "dateUpdated": "2024-08-06T18:01:19.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2214
Vulnerability from cvelistv5
Published
2014-02-10 23:00
Modified
2024-08-06 15:27
Summary
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.
References
URL | Tags | |
---|---|---|
http://seclists.org/oss-sec/2013/q2/622 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html | vendor-advisory, x_refsource_SUSE | |
http://seclists.org/oss-sec/2013/q2/619 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html | vendor-advisory, x_refsource_SUSE | |
http://tracker.nagios.org/view.php?id=456 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20130626 Re: CVE request: unauthorized host/service views displayed in servicegroup view", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q2/622" }, { "name": "openSUSE-SU-2013:1158", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" }, { "name": "[oss-security] 20130626 CVE request: unauthorized host/service views displayed in servicegroup view", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q2/619" }, { "name": "openSUSE-SU-2013:1160", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.nagios.org/view.php?id=456" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-10T22:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20130626 Re: CVE request: unauthorized host/service views displayed in servicegroup view", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q2/622" }, { "name": "openSUSE-SU-2013:1158", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html" }, { "name": "[oss-security] 20130626 CVE request: unauthorized host/service views displayed in servicegroup view", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q2/619" }, { "name": "openSUSE-SU-2013:1160", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.nagios.org/view.php?id=456" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2214", "datePublished": "2014-02-10T23:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5803
Vulnerability from cvelistv5
Published
2008-05-13 23:00
Modified
2024-08-07 15:47
Summary
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html | vendor-advisory, x_refsource_SUSE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42522 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30202 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/1567/references | vdb-entry, x_refsource_VUPEN | |
http://sourceforge.net/project/shownotes.php?release_id=600377&group_id=26589 | x_refsource_CONFIRM | |
http://secunia.com/advisories/30283 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=600377 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/29140 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:47:00.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "nagios-cgi-unspecified-xss(42522)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42522" }, { "name": "30202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30202" }, { "name": "ADV-2008-1567", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1567/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589" }, { "name": "30283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30283" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600377" }, { "name": "29140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "nagios-cgi-unspecified-xss(42522)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42522" }, { "name": "30202", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30202" }, { "name": "ADV-2008-1567", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1567/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589" }, { "name": "30283", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30283" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=600377" }, { "name": "29140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29140" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than 
CVE-2007-5624 and CVE-2008-1360." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "nagios-cgi-unspecified-xss(42522)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42522" }, { "name": "30202", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30202" }, { "name": "ADV-2008-1567", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1567/references" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377\u0026group_id=26589" }, { "name": "30283", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30283" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=600377", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=600377" }, { "name": "29140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29140" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5803", "datePublished": "2008-05-13T23:00:00", "dateReserved": "2007-11-05T00:00:00", "dateUpdated": "2024-08-07T15:47:00.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1523
Vulnerability from cvelistv5
Published
2011-05-03 19:00
Modified
2024-08-06 22:28
Summary
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
References
URL | Tags | |
---|---|---|
http://securityreason.com/securityalert/8241 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/43287 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=690877 | x_refsource_CONFIRM | |
http://tracker.nagios.org/view.php?id=207 | x_refsource_MISC | |
http://www.rul3z.de/advisories/SSCHADV2011-002.txt | x_refsource_MISC | |
http://secunia.com/advisories/44974 | third-party-advisory, x_refsource_SECUNIA | |
http://openwall.com/lists/oss-security/2011/03/25/3 | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-1151-1 | vendor-advisory, x_refsource_UBUNTU | |
http://openwall.com/lists/oss-security/2011/03/28/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8241", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8241" }, { "name": "43287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tracker.nagios.org/view.php?id=207" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" }, { "name": "44974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44974" }, { "name": "[oss-security] 20110325 CVE Request -- Nagios -- XSS in the network status map CGI script", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/25/3" }, { "name": "USN-1151-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "name": "[oss-security] 20110328 Re: CVE Request -- Nagios -- XSS in the network status map CGI script", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/28/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer 
parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8241", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8241" }, { "name": "43287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tracker.nagios.org/view.php?id=207" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" }, { "name": "44974", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44974" }, { "name": "[oss-security] 20110325 CVE Request -- Nagios -- XSS in the network status map CGI script", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/25/3" }, { "name": "USN-1151-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "name": "[oss-security] 20110328 Re: CVE Request -- Nagios -- XSS in the network status map CGI script", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/28/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in 
statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8241", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8241" }, { "name": "43287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43287" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=690877", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" }, { "name": "http://tracker.nagios.org/view.php?id=207", "refsource": "MISC", "url": "http://tracker.nagios.org/view.php?id=207" }, { "name": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt", "refsource": "MISC", "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" }, { "name": "44974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44974" }, { "name": "[oss-security] 20110325 CVE Request -- Nagios -- XSS in the network status map CGI script", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/25/3" }, { "name": "USN-1151-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1151-1" }, { "name": "[oss-security] 20110328 Re: CVE Request -- Nagios -- XSS in the network status map CGI script", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/28/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1523", "datePublished": "2011-05-03T19:00:00", "dateReserved": "2011-03-28T00:00:00", "dateUpdated": "2024-08-06T22:28:41.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-6584
Vulnerability from cvelistv5
Published
2020-03-16 15:33
Modified
2024-08-04 09:11
Summary
Nagios Log Server 2.1.3 has Incorrect Access Control.
References
URL | Tags | |
---|---|---|
https://www.nagios.com/products/nagios-log-server/ | x_refsource_MISC | |
https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60 | x_refsource_MISC | |
https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:11:04.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios Log Server 2.1.3 has Incorrect Access Control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T15:35:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.nagios.com/products/nagios-log-server/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "tags": [ "x_refsource_MISC" ], "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-6584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios Log Server 2.1.3 has Incorrect Access Control." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.nagios.com/products/nagios-log-server/", "refsource": "MISC", "url": "https://www.nagios.com/products/nagios-log-server/" }, { "name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60", "refsource": "MISC", "url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60" }, { "name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT", "refsource": "MISC", "url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-6584", "datePublished": "2020-03-16T15:33:06", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T09:11:04.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6096
Vulnerability from cvelistv5
Published
2013-01-22 23:00
Modified
2024-08-06 21:21
Summary
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html" }, { "name": "DSA-2616", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2616" }, { "name": "openSUSE-SU-2013:0188", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html" }, { "name": "24084", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/24084" }, { "name": "openSUSE-SU-2013:0140", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html" }, { "name": "51863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51863" }, { "name": "openSUSE-SU-2013:0206", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/projects/nagioscore/history/core-3x" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893269" }, { "name": "24159", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/24159" }, { "name": "89170", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/89170" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/" }, { "name": "openSUSE-SU-2013:0169", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://dev.icinga.org/issues/3532" }, { "name": "DSA-2653", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2653" }, { "name": "56879", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56879" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-02T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html" }, { "name": "DSA-2616", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2616" }, { "name": "openSUSE-SU-2013:0188", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html" }, { "name": "24084", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/24084" }, { "name": "openSUSE-SU-2013:0140", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html" }, { "name": "51863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51863" }, { "name": "openSUSE-SU-2013:0206", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/projects/nagioscore/history/core-3x" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893269" }, { "name": "24159", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/24159" }, { "name": "89170", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/89170" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/" }, { "name": "openSUSE-SU-2013:0169", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://dev.icinga.org/issues/3532" }, { "name": "DSA-2653", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2653" }, { "name": "56879", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56879" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6096", "datePublished": "2013-01-22T23:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:21:28.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0726
Vulnerability from cvelistv5
Published
2017-06-06 18:00
Modified
2024-08-05 22:30
Summary
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1295446 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:03.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-06T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0726", "datePublished": "2017-06-06T18:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2162
Vulnerability from cvelistv5
Published
2006-05-03 21:00
Modified
2024-08-07 17:43
Summary
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:27.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200605-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "USN-282-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/282-1/" }, { "name": "DSA-1072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1072" }, { "name": "SUSE-SR:2006:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/changelog.php" }, { "name": "ADV-2006-1662", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1662" }, { "name": "19998", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19998" }, { "name": "19991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19991" }, { "name": "nagios-multiple-scripts-bo(26253)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" }, { "name": "20013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20013" }, { "name": "20215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20215" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890" }, { "name": "17879", "tags": 
[ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17879" }, { "name": "20247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20247" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-200605-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "USN-282-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/282-1/" }, { "name": "DSA-1072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1072" }, { "name": "SUSE-SR:2006:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/changelog.php" }, { "name": "ADV-2006-1662", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1662" }, { "name": "19998", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19998" }, { "name": "19991", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19991" }, { "name": 
"nagios-multiple-scripts-bo(26253)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" }, { "name": "20013", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20013" }, { "name": "20215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20215" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890" }, { "name": "17879", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17879" }, { "name": "20247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20247" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-2162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200605-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "USN-282-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/282-1/" }, { "name": "DSA-1072", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1072" }, { "name": "SUSE-SR:2006:011", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" }, { "name": "http://www.nagios.org/development/changelog.php", "refsource": "CONFIRM", "url": "http://www.nagios.org/development/changelog.php" }, { "name": "ADV-2006-1662", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1662" }, { "name": "19998", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19998" }, { "name": "19991", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19991" }, { "name": "nagios-multiple-scripts-bo(26253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26253" }, { "name": "20013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20013" }, { "name": "20215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20215" }, { "name": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890", "refsource": "CONFIRM", "url": "https://sourceforge.net/mailarchive/forum.php?thread_id=10297806\u0026forum_id=7890" }, { "name": "17879", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17879" }, { "name": "20247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20247" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2162", "datePublished": "2006-05-03T21:00:00", "dateReserved": "2006-05-03T00:00:00", "dateUpdated": "2024-08-07T17:43:27.424Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1959
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/5174 | vdb-entry, x_refsource_BID |
| http://www.iss.net/security_center/static/9508.php | vdb-entry, x_refsource_XF |
| http://www.nagios.org/changelog.php | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "5174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5174" }, { "name": "nagios-plugin-command-execution(9508)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9508.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/changelog.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-28T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "5174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5174" }, { "name": "nagios-plugin-command-execution(9508)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9508.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/changelog.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios 1.0b1 through 
1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "5174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5174" }, { "name": "nagios-plugin-command-execution(9508)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9508.php" }, { "name": "http://www.nagios.org/changelog.php", "refsource": "CONFIRM", "url": "http://www.nagios.org/changelog.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1959", "datePublished": "2005-06-28T04:00:00Z", "dateReserved": "2005-06-28T04:00:00Z", "dateUpdated": "2024-09-16T19:15:18.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4703
Vulnerability from cvelistv5
Published
2014-12-05 16:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
References
| URL | Tags |
|---|---|
| http://nagios-plugins.org/nagios-plugins-2-0-3-released/ | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2014/Jun/141 | mailing-list, x_refsource_FULLDISC |
| http://www.securityfocus.com/bid/76810 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2014/06/30/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" }, { "name": "20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/141" }, { "name": "76810", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76810" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" }, { "name": "20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Jun/141" }, { "name": "76810", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76810" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/", "refsource": "CONFIRM", "url": "http://nagios-plugins.org/nagios-plugins-2-0-3-released/" }, { "name": "20140628 check_dhcp - Nagios Plugins = 2.0.2 Race Condition", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jun/141" }, { "name": "76810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76810" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4703", "datePublished": "2014-12-05T16:00:00", "dateReserved": "2014-06-30T00:00:00", "dateUpdated": "2024-08-06T11:27:36.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5624
Vulnerability from cvelistv5
Published
2007-10-23 16:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:13.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "FEDORA-2007-4145", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" }, { "name": "MDVSA-2008:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" }, { "name": "ADV-2007-3567", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3567" }, { "name": "27980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-cgi-xss(37350)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" }, { "name": "26152", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26152" }, { "name": "FEDORA-2007-4123", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" }, { "name": "27316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/27316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "FEDORA-2007-4145", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" }, { "name": "MDVSA-2008:067", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" }, { "name": "ADV-2007-3567", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3567" }, { "name": "27980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-cgi-xss(37350)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" }, { "name": "26152", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/26152" }, { "name": "FEDORA-2007-4123", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" }, { "name": "27316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html" }, { "name": "FEDORA-2007-4145", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html" }, { "name": "MDVSA-2008:067", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362791", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362791" }, { "name": "ADV-2007-3567", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3567" }, { "name": "27980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27980" }, { "name": "http://www.nagios.org/development/changelog.php#2x_branch", "refsource": "CONFIRM", "url": 
"http://www.nagios.org/development/changelog.php#2x_branch" }, { "name": "nagios-cgi-xss(37350)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37350" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362801", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362801" }, { "name": "26152", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26152" }, { "name": "FEDORA-2007-4123", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html" }, { "name": "27316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27316" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5624", "datePublished": "2007-10-23T16:00:00", "dateReserved": "2007-10-23T00:00:00", "dateUpdated": "2024-08-07T15:39:13.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7205
Vulnerability from cvelistv5
Published
2014-01-14 18:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64489 | vdb-entry, x_refsource_BID |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:004 | vendor-advisory, x_refsource_MANDRIVA |
| http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/ | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2013/12/24/1 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/55976 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "64489", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64489" }, { "name": "MDVSA-2014:004", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55976" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-25T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "64489", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64489" }, { "name": "MDVSA-2014:004", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55976" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a 
heap-based buffer over-read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "64489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64489" }, { "name": "MDVSA-2014:004", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:004" }, { "name": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/" }, { "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html" }, { "name": "[oss-security] 20131224 Re: CVE request: denial of service in Nagios (process_cgivars())", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/12/24/1" }, { "name": "55976", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55976" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7205", "datePublished": "2014-01-14T18:00:00", "dateReserved": "2013-12-23T00:00:00", "dateUpdated": "2024-08-06T18:01:20.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4702
Vulnerability from cvelistv5
Published
2014-12-05 16:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61319 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/58751 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/68293 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2014/06/30/6 | mailing-list, x_refsource_MLIST |
| http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins | x_refsource_CONFIRM |
| https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61319" }, { "name": "58751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58751" }, { "name": "68293", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68293" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "name": "SUSE-SU-2014:1352", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "61319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61319" }, { "name": "58751", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58751" }, { "name": "68293", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68293" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "name": "SUSE-SU-2014:1352", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61319", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61319" }, { "name": "58751", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58751" }, { "name": "68293", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68293" }, { "name": "[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/06/30/6" }, { "name": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins", "refsource": "CONFIRM", "url": "http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org\u0026utm_medium=News+Post\u0026utm_content=Nagios%20Plugins%202.0.2%20Released\u0026utm_campaign=Nagios%20Plugins" }, { "name": "SUSE-SU-2014:1352", "refsource": "SUSE", "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4702", "datePublished": "2014-12-05T16:00:00", "dateReserved": "2014-06-30T00:00:00", "dateUpdated": "2024-08-06T11:27:36.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4796
Vulnerability from cvelistv5
Published
2008-10-30 20:49
Modified
2024-08-07 10:31
Summary
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:31:27.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "snoopy-snoopyclass-command-execution(46068)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" }, { "name": "[oss-security] 20081101 CVE-2008-4796: snoopy triage", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" }, { "name": "ADV-2008-2901", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2901" }, { "name": "20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" }, { "name": "31887", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31887" }, { "name": "DSA-1871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1871" }, { "name": "JVN#20502807", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN20502807/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "DSA-1691", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "JVNDB-2008-000074", "tags": [ 
"third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" }, { "name": "32361", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32361" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "snoopy-snoopyclass-command-execution(46068)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" }, { "name": "[oss-security] 20081101 CVE-2008-4796: snoopy triage", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" }, { "name": "ADV-2008-2901", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2901" }, { "name": "20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" }, { "name": "31887", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31887" }, { "name": "DSA-1871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2009/dsa-1871" }, { "name": "JVN#20502807", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN20502807/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "DSA-1691", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "JVNDB-2008-000074", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" }, { "name": "32361", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32361" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "snoopy-snoopyclass-command-execution(46068)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46068" }, { "name": "[oss-security] 20081101 CVE-2008-4796: snoopy triage", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/01/1" }, { "name": "ADV-2008-2901", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2901" }, { "name": "20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496068/100/0/threaded" }, { "name": "31887", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31887" }, { "name": "DSA-1871", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1871" }, { "name": "JVN#20502807", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN20502807/index.html" }, { "name": "http://sourceforge.net/forum/forum.php?forum_id=879959", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=879959" }, { "name": "https://www.nagios.org/projects/nagios-core/history/4x/", "refsource": "CONFIRM", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "GLSA-201702-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-26" }, { "name": "DSA-1691", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "JVNDB-2008-000074", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html" }, { "name": "32361", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32361" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4796", "datePublished": "2008-10-30T20:49:00", "dateReserved": 
"2008-10-30T00:00:00", "dateUpdated": "2024-08-07T10:31:27.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13977
Vulnerability from cvelistv5
Published
2020-06-09 13:06
Modified
2024-08-04 12:32
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
References
URL | Tags | |
---|---|---|
https://anhtai.me/nagios-core-4-4-5-url-injection/ | x_refsource_MISC | |
https://www.nagios.org/projects/nagios-core/history/4x/ | x_refsource_MISC | |
https://github.com/sawolf/nagioscore/tree/url-injection-fix | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix" }, { "name": "FEDORA-2021-b5e897a2e5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/" }, { "name": "FEDORA-2021-5689072a7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/" }, { "name": "FEDORA-2021-01a2f76cc3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-19T22:06:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix" }, { "name": "FEDORA-2021-b5e897a2e5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/" }, { "name": "FEDORA-2021-5689072a7e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/" }, { "name": "FEDORA-2021-01a2f76cc3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. 
NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://anhtai.me/nagios-core-4-4-5-url-injection/", "refsource": "MISC", "url": "https://anhtai.me/nagios-core-4-4-5-url-injection/" }, { "name": "https://www.nagios.org/projects/nagios-core/history/4x/", "refsource": "MISC", "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "https://github.com/sawolf/nagioscore/tree/url-injection-fix", "refsource": "MISC", "url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix" }, { "name": "FEDORA-2021-b5e897a2e5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/" }, { "name": "FEDORA-2021-5689072a7e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/" }, { "name": "FEDORA-2021-01a2f76cc3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13977", "datePublished": "2020-06-09T13:06:56", "dateReserved": "2020-06-09T00:00:00", "dateUpdated": "2024-08-04T12:32:14.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2489
Vulnerability from cvelistv5
Published
2006-05-19 23:00
Modified
2024-08-07 17:51
Summary
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
References
URL | Tags | |
---|---|---|
http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 | vdb-entry, x_refsource_XF | |
http://www.debian.org/security/2006/dsa-1072 | vendor-advisory, x_refsource_DEBIAN | |
http://www.nagios.org/development/changelog.php | x_refsource_CONFIRM | |
https://usn.ubuntu.com/287-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/20313 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/18059 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/20123 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/20247 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/1822 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:51:04.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200605-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "nagios-contentlength-overflow(26454)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26454" }, { "name": "DSA-1072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/changelog.php" }, { "name": "USN-287-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/287-1/" }, { "name": "20313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20313" }, { "name": "18059", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18059" }, { "name": "20123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20123" }, { "name": "20247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20247" }, { "name": "ADV-2006-1822", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a 
denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200605-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "nagios-contentlength-overflow(26454)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26454" }, { "name": "DSA-1072", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/changelog.php" }, { "name": "USN-287-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/287-1/" }, { "name": "20313", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20313" }, { "name": "18059", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18059" }, { "name": "20123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20123" }, { "name": "20247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20247" }, { "name": "ADV-2006-1822", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] 
}, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200605-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml" }, { "name": "nagios-contentlength-overflow(26454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26454" }, { "name": "DSA-1072", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1072" }, { "name": "http://www.nagios.org/development/changelog.php", "refsource": "CONFIRM", "url": "http://www.nagios.org/development/changelog.php" }, { "name": "USN-287-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/287-1/" }, { "name": "20313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20313" }, { "name": "18059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18059" }, { "name": "20123", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20123" }, { "name": "20247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20247" }, { "name": "ADV-2006-1822", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1822" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2489", "datePublished": "2006-05-19T23:00:00", "dateReserved": "2006-05-19T00:00:00", "dateUpdated": "2024-08-07T17:51:04.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2013-4214
Vulnerability from cvelistv5
Published
2013-11-23 17:00
Modified
2024-08-06 16:38
Summary
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
References
URL | Tags | |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-1526.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=958002 | x_refsource_CONFIRM | |
https://www.nagios.org/projects/nagios-core/history/4x/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/61747 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:38:01.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2013:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "61747", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61747" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-15T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2013:1526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958002" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.nagios.org/projects/nagios-core/history/4x/" }, { "name": "61747", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61747" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4214", "datePublished": "2013-11-23T17:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2288
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 05:44
Summary
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/35688 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200907-15.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/35543 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/39227 | third-party-advisory, x_refsource_SECUNIA | |
http://tracker.nagios.org/view.php?id=15 | x_refsource_CONFIRM | |
http://www.nagios.org/development/history/core-3x/ | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=126996888626964&w=2 | vendor-advisory, x_refsource_HP | |
http://www.vupen.com/english/advisories/2010/0750 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/35692 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1022503 | vdb-entry, x_refsource_SECTRACK | |
http://www.ubuntu.com/usn/USN-795-1 | vendor-advisory, x_refsource_UBUNTU | |
http://marc.info/?l=bugtraq&m=126996888626964&w=2 | vendor-advisory, x_refsource_HP | |
http://www.debian.org/security/2009/dsa-1825 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35688", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35688" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "35543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35543" }, { "name": "39227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39227" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.nagios.org/view.php?id=15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.nagios.org/development/history/core-3x/" }, { "name": "HPSBMA02513", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "ADV-2010-0750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0750" }, { "name": "35692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35692" }, { "name": "1022503", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022503" }, { "name": "USN-795-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-795-1" }, { "name": "SSRT090110", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "DSA-1825", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": 
"http://www.debian.org/security/2009/dsa-1825" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-07-10T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35688", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35688" }, { "name": "GLSA-200907-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "35543", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35543" }, { "name": "39227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39227" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.nagios.org/view.php?id=15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.nagios.org/development/history/core-3x/" }, { "name": "HPSBMA02513", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "ADV-2010-0750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0750" }, { "name": "35692", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35692" }, { "name": "1022503", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022503" }, { "name": "USN-795-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-795-1" }, { "name": "SSRT090110", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "DSA-1825", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1825" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2288", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35688", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35688" }, { "name": "GLSA-200907-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "35543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35543" }, { "name": "39227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39227" }, { "name": "http://tracker.nagios.org/view.php?id=15", "refsource": "CONFIRM", "url": "http://tracker.nagios.org/view.php?id=15" }, { "name": "http://www.nagios.org/development/history/core-3x/", "refsource": "CONFIRM", "url": "http://www.nagios.org/development/history/core-3x/" }, { "name": "HPSBMA02513", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "ADV-2010-0750", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2010/0750" }, { "name": "35692", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35692" }, { "name": "1022503", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022503" }, { "name": "USN-795-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-795-1" }, { "name": "SSRT090110", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=126996888626964\u0026w=2" }, { "name": "DSA-1825", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1825" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2288", "datePublished": "2009-07-01T12:26:00", "dateReserved": "2009-07-01T00:00:00", "dateUpdated": "2024-08-07T05:44:55.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }