CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 1CVE-2019-3698 – nagios cron job allows privilege escalation from user nagios to root
https://notcve.org/view.php?id=CVE-2019-3698
28 Feb 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior version... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2018-13441 – Nagios Core 4.4.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-13441
12 Jul 2018 — qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. qh_help en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que un atacante provoque una condición de denegación de servicio (DoS) local mediante el envío de una carga útil manipulada al socket UNIX en escucha.... • https://packetstorm.news/files/id/148681 • CWE-476: NULL Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12847 – Gentoo Linux Security Advisory 201710-20
https://notcve.org/view.php?id=CVE-2017-12847
23 Aug 2017 — Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. Nagios Core en versiones anteriores a la 4.3.3 crea un archivo nagios.lock PID tras eliminar privilegios a una cuenta no-root, lo que podría permitir que usuarios locales terminen procesos arbitrari... • http://www.securityfocus.com/bid/100403 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10089
https://notcve.org/view.php?id=CVE-2016-10089
15 Feb 2017 — Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Nagios 4.3.2 y anteriores permite a los usuarios locales obtener privilegios root mediante un ataque de vínculo físico en el archivo de script init de Nagios. Esta vulnerabilidad está relacionada con CVE-2016-8641. • http://www.openwall.com/lists/oss-security/2016/12/30/6 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-5009 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2014-5009
31 Jan 2017 — Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-7313 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2008-7313
31 Jan 2017 — The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. La función _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una solución incompleta para CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 19%CPEs: 1EXPL: 2CVE-2016-9566 – Nagios < 4.2.4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9566
15 Dec 2016 — base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. base/logging.c en Nagios Core en versiones anteriores a 4.2.4 permite a usuarios locales con acceso a una cuenta en el grupo nagios obtener privilegios a través de un ataque de symlink al archivo de inicio de sesión. NOTA: esto puede ser aprovechado por atacantes remotos u... • https://www.exploit-db.com/exploits/40921 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 26%CPEs: 1EXPL: 4CVE-2016-9565 – Nagios < 4.2.2 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2016-9565
15 Dec 2016 — MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de ali... • https://packetstorm.news/files/id/140169 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4701
https://notcve.org/view.php?id=CVE-2014-4701
05 Dec 2014 — The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. El plugin check_dhcp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4702. • http://legalhackers.com/advisories/nagios-check_dhcp.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4702
https://notcve.org/view.php?id=CVE-2014-4702
05 Dec 2014 — The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. El plugin check_icmp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4701. • http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •