Search CVE reports
21 – 30 of 64 results
CVE-2018-10736
Medium priorityA SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | Not affected | Not affected |
CVE-2018-10735
Medium priorityA SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | Not affected | Not affected |
CVE-2018-8736
High priorityA privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |
CVE-2018-8735
High priorityRemote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |
CVE-2018-8734
Medium prioritySQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |
CVE-2018-8733
Medium priorityAuthentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |
CVE-2017-16834
Unknown priorityNot in release
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
1 affected packages
pnp4nagios
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pnp4nagios | — | — | — | Not in release | Not in release |
CVE-2017-14312
High priorityNagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which...
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |
CVE-2017-12847
Low priorityNagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock...
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-0726
Medium priorityThe Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
1 affected packages
nagios3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | — | — | — | — | Not affected |