CVSS: 9.8EPSS: 30%CPEs: 1EXPL: 4CVE-2016-9565 – Nagios < 4.2.2 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2016-9565
15 Dec 2016 — MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de ali... • https://packetstorm.news/files/id/140169 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-4701
https://notcve.org/view.php?id=CVE-2014-4701
05 Dec 2014 — The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. El plugin check_dhcp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4702. • http://legalhackers.com/advisories/nagios-check_dhcp.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4703 – Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition
https://notcve.org/view.php?id=CVE-2014-4703
05 Dec 2014 — lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. lib/parse_ini.c en Nagios Plugins 2.0.2 permite a usuarios locales obtener información sensible a través de un ataque de enlace simbólico en el ficheros de configuraciones en el indicador extra-opts. NOTA:esta vulnerabilidad existe debido a una solución incompleta para ... • https://www.exploit-db.com/exploits/33904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4702
https://notcve.org/view.php?id=CVE-2014-4702
05 Dec 2014 — The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. El plugin check_icmp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4701. • http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 4%CPEs: 20EXPL: 0CVE-2014-1878 – Debian Security Advisory 2956-1
https://notcve.org/view.php?id=CVE-2014-1878
28 Feb 2014 — Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. Desbordamiento de buffer basado en pila en la función cmd_submitf en cgi/cmd.c en Nagios Core, posiblemente 4.0.3rc1 y anteriores e Icinga anterior a 1.8.6, 1.9 anterior a 1.9.5 y 1.10 anterior a 1.10.3 permite a atacantes re... • http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2013-2214
https://notcve.org/view.php?id=CVE-2013-2214
10 Feb 2014 — status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. status.cgi en Nagios 4.0 anterior a 4.0 beta4 y 3.x anterior a 3.5.1 ... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 2%CPEs: 36EXPL: 0CVE-2013-7205 – Mandriva Linux Security Advisory 2014-004
https://notcve.org/view.php?id=CVE-2013-7205
14 Jan 2014 — Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. Error de superación de límite (off-by-one) en la función process_cgivars en contrib/daemonchk.c en Nagios Core 3.5.1, 4.0.2 y anteriores, permite a usuarios autenticado... • http://secunia.com/advisories/55976 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 91%CPEs: 71EXPL: 1CVE-2013-7108 – Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-7108
14 Jan 2014 — Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (1... • https://www.exploit-db.com/exploits/38882 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4214 – core: html/rss-newsfeed.php insecure temporary file usage
https://notcve.org/view.php?id=CVE-2013-4214
18 Nov 2013 — rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. rss-newsfeed.php en Nagios Core 3.4.4, 3.5.1, y anteriores versiones, cuando se establece MAGPIE_CACHE_ON en 1, permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque symlink en /tmp/magpie_cache. Nagios is a program that can monitor hosts and services on your network. It can send email or page ale... • http://rhn.redhat.com/errata/RHSA-2013-1526.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 78%CPEs: 44EXPL: 5CVE-2012-6096 – Nagios3 - 'history.cgi' Host Command Execution
https://notcve.org/view.php?id=CVE-2012-6096
22 Jan 2013 — Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. Múltiples desbordamientos de búfer basado en pila en la función get_history en history.cgi en Nagios core anterior a v3.4.4, y Icinga v1.6.x anterior a v1.6.2, v1.7.x anterior a v1.7.4, y ... • https://www.exploit-db.com/exploits/24159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •