Nagios Log Server 2.1.3 has Incorrect Access Control.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-03-16
Nagios Log Server 2.1.3 has CSRF.
CVSS Score
8.8
EPSS Score
0.009
Published
2020-03-16
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
CVSS Score
5.4
EPSS Score
0.073
Published
2020-03-16
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
CVSS Score
5.7
EPSS Score
0.002
Published
2020-02-28
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-12
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
CVSS Score
6.3
EPSS Score
0.001
Published
2017-08-23
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-03-31
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-03-31
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-02-15
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
CVSS Score
9.8
EPSS Score
0.264
Published
2016-12-15
Page 1