Page 3 of 33 results (0.010 seconds)

CVSS: 9.8EPSS: 26%CPEs: 1EXPL: 3

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentación Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparación de CVE-2008-4796. It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. • https://www.exploit-db.com/exploits/40920 http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. El plugin check_icmp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4701. • http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins http://secunia.com/advisories/58751 http://secunia.com/advisories/61319 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid/68293 https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. lib/parse_ini.c en Nagios Plugins 2.0.2 permite a usuarios locales obtener información sensible a través de un ataque de enlace simbólico en el ficheros de configuraciones en el indicador extra-opts. NOTA:esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-4701. • https://www.exploit-db.com/exploits/33904 http://nagios-plugins.org/nagios-plugins-2-0-3-released http://seclists.org/fulldisclosure/2014/Jun/141 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid/76810 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 3

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. El plugin check_dhcp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4702. • http://legalhackers.com/advisories/nagios-check_dhcp.txt http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins http://seclists.org/fulldisclosure/2014/May/74 http://secunia.com/advisories/58751 http://secunia.com/advisories/61319 http://www.exploit-db.com/exploits/33387 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 4%CPEs: 20EXPL: 0

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. Desbordamiento de buffer basado en pila en la función cmd_submitf en cgi/cmd.c en Nagios Core, posiblemente 4.0.3rc1 y anteriores e Icinga anterior a 1.8.6, 1.9 anterior a 1.9.5 y 1.10 anterior a 1.10.3 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) a través de un mensaje largo hacia cmd.cgi. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html http://secunia.com/advisories/57024 http://www.securityfocus.com/bid/65605 https://bugzilla.redhat.com/show_bug.cgi?id=1066578 https://dev.icinga.org/issues/5434 https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •