Skip to main content

Nagios Core

5 CVEs product

Monthly

CVE-2020-35269 HIGH This Week

Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding - deleting for hosts or servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios Core
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2018-18245 MEDIUM POC This Month

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Core Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.6%
CVE-2018-13458 MEDIUM POC This Month

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2018-13457 MEDIUM POC This Month

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2017-14312 HIGH This Week

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios Core
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
EPSS 2% CVSS 8.8
HIGH This Week

Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding - deleting for hosts or servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nagios Core
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM POC This Month

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Core Debian Linux
NVD
EPSS 5% CVSS 5.5
MEDIUM POC This Month

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC This Month

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nagios Core
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy