RSS   Podatności dla 'Nagios'   RSS

2020-06-09
 
CVE-2020-13977

CWE-74
 

 
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.

 
2020-03-16
 
CVE-2020-6586

CWE-79
 

 
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

 
 
CVE-2020-6585

CWE-352
 

 
Nagios Log Server 2.1.3 has CSRF.

 
 
CVE-2020-6584

CWE-269
 

 
Nagios Log Server 2.1.3 has Incorrect Access Control.

 
2018-08-01
 
CVE-2016-8641

CWE-59
 

 
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.

 
2018-07-12
 
CVE-2018-13441

CWE-476
 

 
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

 
2017-08-23
 
CVE-2017-12847

CWE-665
 

 
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.

 
2017-06-06
 
CVE-2016-0726

 

 
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

 
2017-03-31
 
CVE-2016-6209

 

 
Cross-site scripting (XSS) vulnerability in Nagios.

 
 
CVE-2014-5009

 

 
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.

 


Copyright 2024, cxsecurity.com

 

Back to Top