Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
Max CVSS: 6.3 | EPSS Score: 0.06% | Published: 2017-08-23 | Updated: 2019-10-03
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2017-02-15 | Updated: 2017-11-23
Cross-site scripting (XSS) vulnerability in Nagios.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2017-03-31 | Updated: 2017-04-04
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Max CVSS: 9.8 | EPSS Score: 0.48% | Published: 2017-06-06 | Updated: 2017-06-22
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Max CVSS: 9.8 | EPSS Score: 1.22% | Published: 2017-03-31 | Updated: 2017-08-29
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.
Max CVSS: 9.8 | EPSS Score: 1.70% | Published: 2017-03-31 | Updated: 2017-04-04
6 vulnerabilities found