Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2013-2029

Medium priority
Ignored

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with...

3 affected packages

icinga, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga
nagios2
nagios3
Show less packages

CVE-2011-2179

Medium priority

Some fixes available 1 of 12

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated...

3 affected packages

icinga, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not affected Not affected
nagios2 Not in release Not in release
nagios3 Not affected Not affected
Show less packages

CVE-2011-1523

Medium priority

Some fixes available 3 of 18

Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.

4 affected packages

icinga, nagios, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not affected Not affected
nagios Not in release Not in release
nagios2 Not in release Not in release
nagios3 Not affected Not affected
Show less packages

CVE-2009-2288

Medium priority
Fixed

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

3 affected packages

nagios, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios
nagios2
nagios3
Show less packages

CVE-2008-6373

Medium priority
Ignored

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."

3 affected packages

nagios, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios
nagios2
nagios3
Show less packages

CVE-2008-5028

Medium priority

Some fixes available 2 of 3

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this...

3 affected packages

nagios, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios
nagios2
nagios3
Show less packages

CVE-2008-5027

Medium priority

Some fixes available 3 of 5

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form...

3 affected packages

nagios, nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios
nagios2
nagios3
Show less packages

CVE-2007-5803

Low priority

Some fixes available 2 of 4

Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.

2 affected packages

nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios2
nagios3
Show less packages

CVE-2008-1360

Low priority

Some fixes available 1 of 4

Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.

1 affected packages

nagios2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios2
Show less packages

CVE-2007-5624

Low priority

Some fixes available 1 of 3

Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.

2 affected packages

nagios2, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios2
nagios3
Show less packages