Nagios 4.0.3 release candidate 1

CPE Details

Nagios 4.0.3 release candidate 1
4.0.3
2014-02-28
17h22 +00:00
2014-02-28
17h27 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nagios:nagios:4.0.3:rc1:*:*:*:*:*:*

Informations

Vendor

nagios

Product

nagios

Version

4.0.3

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-13441 2018-07-12 16h00 +00:00 qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
5.5
Medium
CVE-2017-12847 2017-08-23 19h00 +00:00 Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
6.3
Medium
CVE-2008-7313 2017-03-31 13h00 +00:00 The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
9.8
Critical
CVE-2014-5009 2017-03-31 13h00 +00:00 Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
9.8
Critical
CVE-2016-10089 2017-02-15 14h00 +00:00 Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
7.8
High
CVE-2016-9565 2016-12-15 21h00 +00:00 MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
9.8
Critical
CVE-2016-9566 2016-12-15 21h00 +00:00 base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
7.8
High
CVE-2014-1878 2014-02-28 14h00 +00:00 Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.
5
CVE-2008-4796 2008-10-30 19h49 +00:00 The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
10