The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nagios Core

computer vulnerability CVE-2018-18245

Nagios Core: Cross Site Scripting via Plugin Output

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Plugin Output of Nagios Core, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, Nagios Open Source.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/12/2018.
Identifiers: CERTFR-2019-AVI-026, CERTFR-2019-AVI-046, CVE-2018-18245, DLA-1615-1, FEDORA-2019-0b44528ff1, FEDORA-2019-376ecc221c, VIGILANCE-VUL-28045.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Plugin Output of Nagios Core, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-13458

Nagios Core: NULL pointer dereference via qh_core

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_core of Nagios Core, in order to trigger a denial of service.
Impacted products: Fedora, Nagios Open Source.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/07/2018.
Identifiers: CVE-2018-13458, FEDORA-2019-0b44528ff1, FEDORA-2019-376ecc221c, VIGILANCE-VUL-26737.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_core of Nagios Core, in order to trigger a denial of service.

computer vulnerability alert CVE-2018-13457

Nagios Core: NULL pointer dereference via qh_echo

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_echo of Nagios Core, in order to trigger a denial of service.
Impacted products: Fedora, Nagios Open Source.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/07/2018.
Identifiers: CVE-2018-13457, FEDORA-2019-0b44528ff1, FEDORA-2019-376ecc221c, VIGILANCE-VUL-26736.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_echo of Nagios Core, in order to trigger a denial of service.

computer vulnerability CVE-2018-13441

Nagios Core: NULL pointer dereference via qh_help

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_help of Nagios Core, in order to trigger a denial of service.
Impacted products: Fedora, Nagios Open Source.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/07/2018.
Identifiers: CVE-2018-13441, FEDORA-2019-0b44528ff1, FEDORA-2019-376ecc221c, VIGILANCE-VUL-26735.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via qh_help of Nagios Core, in order to trigger a denial of service.

computer vulnerability note CVE-2017-14312

Nagios: privilege escalation via nagios.cfg

Synthesis of the vulnerability

An attacker can bypass restrictions via nagios.cfg of Nagios, in order to escalate his privileges.
Impacted products: Fedora, Nagios Open Source.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 12/09/2017.
Identifiers: CVE-2017-14312, FEDORA-2017-9d345f250a, FEDORA-2017-d270e932a3, VIGILANCE-VUL-23809.

Description of the vulnerability

An attacker can bypass restrictions via nagios.cfg of Nagios, in order to escalate his privileges.

computer vulnerability CVE-2017-12847

Nagios: denial of service via nagios.lock PID File

Synthesis of the vulnerability

An attacker can generate a fatal error via nagios.lock PID File of Nagios, in order to trigger a denial of service.
Impacted products: Nagios Open Source.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 24/08/2017.
Identifiers: CVE-2017-12847, VIGILANCE-VUL-23605.

Description of the vulnerability

An attacker can generate a fatal error via nagios.lock PID File of Nagios, in order to trigger a denial of service.

vulnerability alert CVE-2016-6209

Nagios: Cross Site Scripting via corewindow

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via corewindow of Nagios, in order to run JavaScript code in the context of the web site.
Impacted products: Nagios Open Source.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/04/2017.
Identifiers: CVE-2016-6209, VIGILANCE-VUL-22311.

Description of the vulnerability

The Nagios product offers a web service.

However, it does not filter data received via corewindow before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via corewindow of Nagios, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2016-10089

Nagios: privilege escalation via /etc/init.d/nagios

Synthesis of the vulnerability

A local attacker with the privileges of the nagios user can create a hard link in order to force /etc/init.d/nagios of Nagios to change the owner of a file belonging to root.
Impacted products: Nagios Open Source, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: privileged shell.
Creation date: 02/01/2017.
Identifiers: CVE-2016-10089, openSUSE-SU-2018:3258-1, SUSE-SU-2018:3240-1, VIGILANCE-VUL-21495.

Description of the vulnerability

A local attacker with the privileges of the nagios user can create a hard link in order to force /etc/init.d/nagios of Nagios to change the owner of a file belonging to root.

computer vulnerability bulletin CVE-2016-9566

Nagios: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Nagios, in order to escalate his privileges.
Impacted products: Debian, Nagios Open Source, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/12/2016.
Revision date: 16/12/2016.
Identifiers: CERTFR-2016-AVI-399, CVE-2016-9566, DLA-1615-1, DLA-751-1, openSUSE-SU-2017:0146-1, USN-3253-1, USN-3253-2, VIGILANCE-VUL-21328.

Description of the vulnerability

An attacker can bypass restrictions of Nagios, in order to escalate his privileges.

computer vulnerability CVE-2016-9565

Nagios Open Source: code execution via the RSS interface

Synthesis of the vulnerability

An attacker can use a vulnerability via a PHP class implementing RSS in Nagios Open Source, in order to run code.
Impacted products: Debian, Nagios Open Source.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 15/12/2016.
Identifiers: CVE-2016-9565, DLA-751-1, VIGILANCE-VUL-21395.

Description of the vulnerability

An attacker can use a vulnerability via a PHP class implementing RSS in Nagios Open Source, in order to run code. The problem comes from a wrong fix for VIGILANCE-VUL-12742, corresponding to VIGILANCE-VUL-16794.