Information on source package nagios3

Available versions

ReleaseVersion
jessie3.5.1.dfsg-2+deb8u1

Open issues

BugjessieDescription
CVE-2017-12847vulnerable (no DSA)Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...
CVE-2016-6209vulnerable (no DSA)Cross-site scripting (XSS) vulnerability in Nagios.
CVE-2013-7107vulnerable (no DSA)Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...

Open unimportant issues

BugjessieDescription
CVE-2008-5027vulnerableThe Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor befo ...

Resolved issues

BugDescription
CVE-2018-18245Nagios Core 4.4.2 has XSS via the alert summary reports of plugin resu ...
CVE-2017-14312Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...
CVE-2016-10089Nagios 4.3.2 and earlier allows local users to gain root privileges vi ...
CVE-2016-9566base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...
CVE-2016-9565MagpieRSS, as used in the front-end component in Nagios Core before 4. ...
CVE-2016-8641A privilege escalation vulnerability was found in nagios 4.2.x that oc ...
CVE-2016-0726The Fedora Nagios package uses "nagiosadmin" as the default password f ...
CVE-2014-1878Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c i ...
CVE-2013-7205Off-by-one error in the process_cgivars function in contrib/daemonchk. ...
CVE-2013-7108Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, a ...
CVE-2013-4214rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE ...
CVE-2013-2214status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does no ...
CVE-2013-2029nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...
CVE-2012-6096Multiple stack-based buffer overflows in the get_history function in h ...
CVE-2011-2477Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...
CVE-2011-2179Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...
CVE-2011-1523Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.c ...
CVE-2009-2288statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execut ...
CVE-2008-6373Unspecified vulnerability in Nagios before 3.0.6 has unspecified impac ...
CVE-2008-5028Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagi ...
CVE-2007-5803Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...

Security announcements

DSA / DLADescription
DLA-1615-1nagios3 - security update
DLA-751-1nagios3 - security update
DLA-461-1nagios3 - security update
DSA-2616-1nagios3 - buffer overflow vulnerability
DSA-1825-1nagios2 nagios3 - arbitrary code execution
Search for package or bug name: Reporting problems