CVE-2020-6584
https://notcve.org/view.php?id=CVE-2020-6584
16 Mar 2020 — Nagios Log Server 2.1.3 has Incorrect Access Control. • https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT • CWE-269: Improper Privilege Management
CVE-2020-6585
https://notcve.org/view.php?id=CVE-2020-6585
16 Mar 2020 — Nagios Log Server 2.1.3 has CSRF. • https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-6586
https://notcve.org/view.php?id=CVE-2020-6586
16 Mar 2020 — Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered. • https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-3698 – nagios cron job allows privilege escalation from user nagios to root
https://notcve.org/view.php?id=CVE-2019-3698
28 Feb 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior version... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2018-13441 – Nagios Core 4.4.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-13441
12 Jul 2018 — qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. • https://packetstorm.news/files/id/148681 • CWE-476: NULL Pointer Dereference
CVE-2017-12847 – Gentoo Linux Security Advisory 201710-20
https://notcve.org/view.php?id=CVE-2017-12847
23 Aug 2017 — Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. • http://www.securityfocus.com/bid/100403 • CWE-665: Improper Initialization
CVE-2016-10089
https://notcve.org/view.php?id=CVE-2016-10089
15 Feb 2017 — Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. • http://www.openwall.com/lists/oss-security/2016/12/30/6 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-7313 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2008-7313
31 Jan 2017 — The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2014-5009 – snoopy: incomplete fixes for command execution flaws
https://notcve.org/view.php?id=CVE-2014-5009
31 Jan 2017 — Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-9566 – Nagios < 4.2.4 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-9566
15 Dec 2016 — base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. • https://www.exploit-db.com/exploits/40921 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-264: Permissions, Privileges, and Access Controls