Skip to main content

Nagios

21 CVEs product

Monthly

CVE-2020-13977 MEDIUM POC This Month

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
2.7%
CVE-2020-6586 MEDIUM This Month

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.1
5.4
EPSS
27.3%
CVE-2020-6585 HIGH This Week

Nagios Log Server 2.1.3 has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6584 MEDIUM This Month

Nagios Log Server 2.1.3 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 3.1
6.5
EPSS
3.9%
CVE-2018-13441 MEDIUM POC This Month

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
1.3%
CVE-2017-12847 MEDIUM PATCH This Month

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 6.3).

Information Disclosure Nagios
NVD GitHub
CVSS 3.0
6.3
EPSS
0.0%
CVE-2016-0726 CRITICAL Act Now

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nagios
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-6209 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nagios. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2014-5009 CRITICAL PATCH Act Now

Snoopy allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Snoopy Openstack Nagios
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-10089 HIGH This Week

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9566 HIGH POC PATCH This Week

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
8.6%
CVE-2016-9565 CRITICAL POC THREAT Emergency

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.9%.

Authentication Bypass Nagios
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.9%
Threat
4.1
CVE-2014-4703 LOW POC PATCH Monitor

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-4702 LOW PATCH Monitor

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nagios
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4701 LOW POC PATCH Monitor

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-1878 MEDIUM PATCH This Month

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Icinga Nagios
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2013-2214 MEDIUM This Month

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 2.0
4.0
EPSS
2.7%
CVE-2013-7205 MEDIUM This Month

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nagios
NVD
CVSS 2.0
6.4
EPSS
2.4%
CVE-2013-7108 MEDIUM POC THREAT This Month

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.6%.

Denial Of Service Nagios Icinga
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
48.6%
Threat
4.1
CVE-2013-4214 MEDIUM This Month

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Rated medium severity (CVSS 6.3). No vendor patch available.

PHP Information Disclosure Nagios Openstack
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2012-6096 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.9%.

Buffer Overflow RCE Nagios Icinga
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
79.9%
Threat
5.4
EPSS 3% CVSS 4.9
MEDIUM POC This Month

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nagios Fedora
NVD GitHub
EPSS 27% CVSS 5.4
MEDIUM This Month

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Nagios Log Server 2.1.3 has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Nagios Log Server 2.1.3 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this. Rated medium severity (CVSS 6.3).

Information Disclosure Nagios
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nagios
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nagios. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Snoopy allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Snoopy Openstack +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
EPSS 9% CVSS 7.8
HIGH POC PATCH This Week

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD GitHub Exploit-DB
EPSS 20% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.9%.

Authentication Bypass Nagios
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nagios
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD Exploit-DB
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Icinga +1
NVD
EPSS 3% CVSS 4.0
MEDIUM This Month

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
EPSS 2% CVSS 6.4
MEDIUM This Month

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nagios
NVD
EPSS 49% 4.1 CVSS 5.5
MEDIUM POC THREAT This Month

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.6%.

Denial Of Service Nagios Icinga
NVD Exploit-DB
EPSS 0% CVSS 6.3
MEDIUM This Month

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Rated medium severity (CVSS 6.3). No vendor patch available.

PHP Information Disclosure Nagios +1
NVD
EPSS 80% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.9%.

Buffer Overflow RCE Nagios +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy