Search criteria
74 vulnerabilities found for nagios by nagios
CVE-2020-13977 (GCVE-0-2020-13977)
Vulnerability from nvd – Published: 2020-06-09 13:06 – Updated: 2024-08-04 12:32
VLAI?
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T22:06:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anhtai.me/nagios-core-4-4-5-url-injection/",
"refsource": "MISC",
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "MISC",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "https://github.com/sawolf/nagioscore/tree/url-injection-fix",
"refsource": "MISC",
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13977",
"datePublished": "2020-06-09T13:06:56",
"dateReserved": "2020-06-09T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6586 (GCVE-0-2020-6586)
Vulnerability from nvd – Published: 2020-03-16 15:30 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:34:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6586",
"datePublished": "2020-03-16T15:30:57",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6585 (GCVE-0-2020-6585)
Vulnerability from nvd – Published: 2020-03-16 15:31 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 has CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:34:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6585",
"datePublished": "2020-03-16T15:31:53",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6584 (GCVE-0-2020-6584)
Vulnerability from nvd – Published: 2020-03-16 15:33 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 has Incorrect Access Control.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:35:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6584",
"datePublished": "2020-03-16T15:33:06",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3698 (GCVE-0-2019-3698)
Vulnerability from nvd – Published: 2020-02-28 13:20 – Updated: 2024-09-16 16:33
VLAI?
Title
nagios cron job allows privilege escalation from user nagios to root
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
Severity ?
5.7 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 12 |
Affected:
nagios , ≤ 3.5.1-5.27
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Matthias Gerstner
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.5.1-5.27",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.0.6-1.25.36.3.1",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "4.4.5-2.1",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner"
}
],
"datePublic": "2020-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-20T15:45:08",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"defect": [
"1156309"
],
"discovery": "INTERNAL"
},
"title": "nagios cron job allows privilege escalation from user nagios to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-02-28T00:00:00.000Z",
"ID": "CVE-2019-3698",
"STATE": "PUBLIC",
"TITLE": "nagios cron job allows privilege escalation from user nagios to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "3.5.1-5.27"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "3.0.6-1.25.36.3.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "4.4.5-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"defect": [
"1156309"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3698",
"datePublished": "2020-02-28T13:20:14.152354Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:33:41.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8641 (GCVE-0-2016-8641)
Vulnerability from nvd – Published: 2018-08-01 14:00 – Updated: 2024-08-06 02:27
VLAI?
Summary
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nagios Enterprises | nagios |
Affected:
4.2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nagios",
"vendor": "Nagios Enterprises",
"versions": [
{
"status": "affected",
"version": "4.2.x"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8641",
"datePublished": "2018-08-01T14:00:00",
"dateReserved": "2016-10-12T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13441 (GCVE-0-2018-13441)
Vulnerability from nvd – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13441",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12847 (GCVE-0-2017-12847)
Vulnerability from nvd – Published: 2017-08-23 21:00 – Updated: 2024-08-05 18:51
VLAI?
Summary
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100403"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/issues/404",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12847",
"datePublished": "2017-08-23T21:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0726 (GCVE-0-2016-0726)
Vulnerability from nvd – Published: 2017-06-06 18:00 – Updated: 2024-08-05 22:30
VLAI?
Summary
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0726",
"datePublished": "2017-06-06T18:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:03.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6209 (GCVE-0-2016-6209)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Nagios.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Nagios."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nagios."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6209",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2016-07-13T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5009 (GCVE-0-2014-5009)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706",
"refsource": "MISC",
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5009",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2014-07-18T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7313 (GCVE-0-2008-7313)
Vulnerability from nvd – Published: 2017-03-31 15:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7313",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2014-07-18T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10089 (GCVE-0-2016-10089)
Vulnerability from nvd – Published: 2017-02-15 15:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95171",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95171",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10089",
"datePublished": "2017-02-15T15:00:00",
"dateReserved": "2016-12-30T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9566 (GCVE-0-2016-9566)
Vulnerability from nvd – Published: 2016-12-15 22:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94919"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"name": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9566",
"datePublished": "2016-12-15T22:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9565 (GCVE-0-2016-9565)
Vulnerability from nvd – Published: 2016-12-15 22:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9565",
"datePublished": "2016-12-15T22:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13977 (GCVE-0-2020-13977)
Vulnerability from cvelistv5 – Published: 2020-06-09 13:06 – Updated: 2024-08-04 12:32
VLAI?
Summary
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-19T22:06:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios 4.4.5 allows an attacker, who already has administrative access to change the \"URL for JSON CGIs\" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anhtai.me/nagios-core-4-4-5-url-injection/",
"refsource": "MISC",
"url": "https://anhtai.me/nagios-core-4-4-5-url-injection/"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "MISC",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "https://github.com/sawolf/nagioscore/tree/url-injection-fix",
"refsource": "MISC",
"url": "https://github.com/sawolf/nagioscore/tree/url-injection-fix"
},
{
"name": "FEDORA-2021-b5e897a2e5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ/"
},
{
"name": "FEDORA-2021-5689072a7e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3/"
},
{
"name": "FEDORA-2021-01a2f76cc3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13977",
"datePublished": "2020-06-09T13:06:56",
"dateReserved": "2020-06-09T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6584 (GCVE-0-2020-6584)
Vulnerability from cvelistv5 – Published: 2020-03-16 15:33 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 has Incorrect Access Control.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:35:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6584",
"datePublished": "2020-03-16T15:33:06",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6585 (GCVE-0-2020-6585)
Vulnerability from cvelistv5 – Published: 2020-03-16 15:31 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 has CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:34:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6585",
"datePublished": "2020-03-16T15:31:53",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6586 (GCVE-0-2020-6586)
Vulnerability from cvelistv5 – Published: 2020-03-16 15:30 – Updated: 2024-08-04 09:11
VLAI?
Summary
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T15:34:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nagios.com/products/nagios-log-server/",
"refsource": "MISC",
"url": "https://www.nagios.com/products/nagios-log-server/"
},
{
"name": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60",
"refsource": "MISC",
"url": "https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60"
},
{
"name": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT",
"refsource": "MISC",
"url": "https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6586",
"datePublished": "2020-03-16T15:30:57",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3698 (GCVE-0-2019-3698)
Vulnerability from cvelistv5 – Published: 2020-02-28 13:20 – Updated: 2024-09-16 16:33
VLAI?
Title
nagios cron job allows privilege escalation from user nagios to root
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
Severity ?
5.7 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 12 |
Affected:
nagios , ≤ 3.5.1-5.27
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Matthias Gerstner
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.5.1-5.27",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 11",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.0.6-1.25.36.3.1",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "4.4.5-2.1",
"status": "affected",
"version": "nagios",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner"
}
],
"datePublic": "2020-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-20T15:45:08",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"defect": [
"1156309"
],
"discovery": "INTERNAL"
},
"title": "nagios cron job allows privilege escalation from user nagios to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-02-28T00:00:00.000Z",
"ID": "CVE-2019-3698",
"STATE": "PUBLIC",
"TITLE": "nagios cron job allows privilege escalation from user nagios to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "3.5.1-5.27"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 11",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "3.0.6-1.25.36.3.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "nagios",
"version_value": "4.4.5-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156309"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1156309",
"defect": [
"1156309"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3698",
"datePublished": "2020-02-28T13:20:14.152354Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:33:41.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8641 (GCVE-0-2016-8641)
Vulnerability from cvelistv5 – Published: 2018-08-01 14:00 – Updated: 2024-08-06 02:27
VLAI?
Summary
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
Severity ?
6.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nagios Enterprises | nagios |
Affected:
4.2.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nagios",
"vendor": "Nagios Enterprises",
"versions": [
{
"status": "affected",
"version": "4.2.x"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It\u0027s possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "40774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40774/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641"
},
{
"name": "95121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95121"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8641",
"datePublished": "2018-08-01T14:00:00",
"dateReserved": "2016-10-12T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13441 (GCVE-0-2018-13441)
Vulnerability from cvelistv5 – Published: 2018-07-12 18:00 – Updated: 2024-08-05 09:00
VLAI?
Summary
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13441",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12847 (GCVE-0-2017-12847)
Vulnerability from cvelistv5 – Published: 2017-08-23 21:00 – Updated: 2024-08-05 18:51
VLAI?
Summary
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog"
},
{
"name": "100403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100403"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/issues/404",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/issues/404"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12847",
"datePublished": "2017-08-23T21:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0726 (GCVE-0-2016-0726)
Vulnerability from cvelistv5 – Published: 2017-06-06 18:00 – Updated: 2024-08-05 22:30
VLAI?
Summary
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-06T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295446"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0726",
"datePublished": "2017-06-06T18:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:03.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7313 (GCVE-0-2008-7313)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "68776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68776"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "snoopy-cve20087313-command-exec(94737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94737"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2017-0214.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7313",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2014-07-18T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6209 (GCVE-0-2016-6209)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Nagios.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Nagios."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nagios."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"
},
{
"name": "20160609 nagios phishing vector \u0026 xss",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Jun/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6209",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2016-07-13T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5009 (GCVE-0-2014-5009)
Vulnerability from cvelistv5 – Published: 2017-03-31 15:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140709 CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/09/11"
},
{
"name": "68783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68783"
},
{
"name": "[oss-security] 20140718 Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/18/2"
},
{
"name": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29",
"refsource": "CONFIRM",
"url": "http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28\u0026r2=1.29"
},
{
"name": "[oss-security] 20140716 Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/16/10"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264",
"refsource": "MISC",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024264"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121497"
},
{
"name": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706",
"refsource": "MISC",
"url": "https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706"
},
{
"name": "snoopy-cve20145009-command-exec(94738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94738"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5009",
"datePublished": "2017-03-31T15:00:00",
"dateReserved": "2014-07-18T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10089 (GCVE-0-2016-10089)
Vulnerability from cvelistv5 – Published: 2017-02-15 15:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95171",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95171",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95171"
},
{
"name": "[oss-security] 20161230 Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/30/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10089",
"datePublished": "2017-02-15T15:00:00",
"dateReserved": "2016-12-30T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9565 (GCVE-0-2016-9565)
Vulnerability from cvelistv5 – Published: 2016-12-15 22:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core \u003c 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9565",
"datePublished": "2016-12-15T22:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9566 (GCVE-0-2016-9566)
Vulnerability from cvelistv5 – Published: 2016-12-15 22:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94919"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-25T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201710-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94919"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "40921",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40921/"
},
{
"name": "94919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94919"
},
{
"name": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4",
"refsource": "CONFIRM",
"url": "https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4"
},
{
"name": "RHSA-2017:0258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "GLSA-201612-51",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-51"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "RHSA-2017:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "1037487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037487"
},
{
"name": "20161215 Nagios Core \u003c 4.2.4 Root Privilege Escalation [CVE-2016-9566]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/58"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402869"
},
{
"name": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9566",
"datePublished": "2016-12-15T22:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}