rpm package
suse/icinga&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/icinga&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8641 | — | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Aug 1, 2018 | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possib | ||
| CVE-2015-8010 | Med | 6.1 | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Mar 27, 2017 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | |
| CVE-2016-10089 | Hig | 7.8 | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Feb 15, 2017 | Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. |
- CVE-2016-8641Aug 1, 2018affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possib
- affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
- affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.