Search criteria
15 vulnerabilities found for nagios_core by nagios
FKIE_CVE-2020-35269
Vulnerability from fkie_nvd - Published: 2020-12-23 19:15 - Updated: 2024-11-21 05:27
Severity ?
Summary
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | 4.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "37B52212-379C-4C39-84C3-8F641D953E6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers."
},
{
"lang": "es",
"value": "La versi\u00f3n 4.2.4 de la aplicaci\u00f3n Nagios Core es vulnerable a la falsificaci\u00f3n de solicitudes en todo el sitio (CSRF) en muchas funciones, como la adici\u00f3n y la eliminaci\u00f3n de hosts o servidores"
}
],
"id": "CVE-2020-35269",
"lastModified": "2024-11-21T05:27:07.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-23T19:15:13.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18245
Vulnerability from fkie_nvd - Published: 2018-12-17 15:29 - Updated: 2024-11-21 03:55
Severity ?
Summary
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | 4.4.2 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "440C6FCE-2A12-41F3-B687-6AE3DE4D8B84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE."
},
{
"lang": "es",
"value": "Nagios Core 4.4.2 tiene Cross-Site Scripting (XSS) mediante los informes de sumario de alertas de los resultados de los plugins, tal y como queda demostrado por un elemento SCRIPT entregado por un plugin check_load modificado en NRPE."
}
],
"id": "CVE-2018-18245",
"lastModified": "2024-11-21T03:55:34.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-17T15:29:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-13457
Vulnerability from fkie_nvd - Published: 2018-07-12 18:29 - Updated: 2024-11-21 03:47
Severity ?
Summary
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7E3DC4-8B91-4477-9CDF-5B102F7979E5",
"versionEndIncluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
},
{
"lang": "es",
"value": "qh_echo en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha."
}
],
"id": "CVE-2018-13457",
"lastModified": "2024-11-21T03:47:07.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-12T18:29:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-13458
Vulnerability from fkie_nvd - Published: 2018-07-12 18:29 - Updated: 2024-11-21 03:47
Severity ?
Summary
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7E3DC4-8B91-4477-9CDF-5B102F7979E5",
"versionEndIncluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
},
{
"lang": "es",
"value": "qh_core en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha."
}
],
"id": "CVE-2018-13458",
"lastModified": "2024-11-21T03:47:07.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-12T18:29:00.497",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14312
Vulnerability from fkie_nvd - Published: 2017-09-11 22:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE753D4-DBFF-4B22-AB54-57E4DDCC7A95",
"versionEndIncluding": "4.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account."
},
{
"lang": "es",
"value": "Nagios Core hasta la versi\u00f3n 4.3.4 ejecuta inicialmente /usr/sbin/nagios como root, pero es compatible con opciones de configuraci\u00f3n en las cuales este archivo es propiedad de una cuenta sin root (y, de forma similar, puede poseer nagios.cfg sin root), lo que permite que usuarios locales obtengan privilegios aprovechando el acceso a esta cuenta sin root."
}
],
"id": "CVE-2017-14312",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T22:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/100881"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/100881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201812-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-35269 (GCVE-0-2020-35269)
Vulnerability from cvelistv5 – Published: 2020-12-23 18:44 – Updated: 2024-08-04 17:02
VLAI?
Summary
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T20:56:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc",
"refsource": "MISC",
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35269",
"datePublished": "2020-12-23T18:44:12",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18245 (GCVE-0-2018-18245)
Vulnerability from cvelistv5 – Published: 2018-12-17 15:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:05:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt",
"refsource": "MISC",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18245",
"datePublished": "2018-12-17T15:00:00",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13457 (GCVE-0-2018-13457)
Vulnerability from cvelistv5 – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:05:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13457",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13458 (GCVE-0-2018-13458)
Vulnerability from cvelistv5 – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13458",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14312 (GCVE-0-2017-14312)
Vulnerability from cvelistv5 – Published: 2017-09-11 22:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201812-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-03T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201812-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201812-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/issues/424",
"refsource": "MISC",
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14312",
"datePublished": "2017-09-11T22:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35269 (GCVE-0-2020-35269)
Vulnerability from nvd – Published: 2020-12-23 18:44 – Updated: 2024-08-04 17:02
VLAI?
Summary
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T20:56:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding \u2013 deleting for hosts or servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc",
"refsource": "MISC",
"url": "https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35269",
"datePublished": "2020-12-23T18:44:12",
"dateReserved": "2020-12-14T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18245 (GCVE-0-2018-18245)
Vulnerability from nvd – Published: 2018-12-17 15:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:05:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt",
"refsource": "MISC",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18245",
"datePublished": "2018-12-17T15:00:00",
"dateReserved": "2018-10-11T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13457 (GCVE-0-2018-13457)
Vulnerability from nvd – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:05:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13457",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13458 (GCVE-0-2018-13458)
Vulnerability from nvd – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13458",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14312 (GCVE-0-2017-14312)
Vulnerability from nvd – Published: 2017-09-11 22:00 – Updated: 2024-08-05 19:20
VLAI?
Summary
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201812-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-03T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201812-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201812-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-03"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/issues/424",
"refsource": "MISC",
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/424"
},
{
"name": "100881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14312",
"datePublished": "2017-09-11T22:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}