rpm package
suse/icinga&distro=SUSE Manager Client Tools 12
pkg:rpm/suse/icinga&distro=SUSE%20Manager%20Client%20Tools%2012
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3698 | — | < 1.13.3-12.6.1 | 1.13.3-12.6.1 | Feb 28, 2020 | UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue | ||
| CVE-2016-8641 | — | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Aug 1, 2018 | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possib | ||
| CVE-2015-8010 | Med | 6.1 | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Mar 27, 2017 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | |
| CVE-2016-10089 | Hig | 7.8 | < 1.13.3-12.3.1 | 1.13.3-12.3.1 | Feb 15, 2017 | Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | |
| CVE-2016-9566 | Hig | 7.8 | < 1.13.3-12.6.1 | 1.13.3-12.6.1 | Dec 15, 2016 | base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. |
- CVE-2019-3698Feb 28, 2020affected < 1.13.3-12.6.1fixed 1.13.3-12.6.1
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue
- CVE-2016-8641Aug 1, 2018affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possib
- affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
- affected < 1.13.3-12.3.1fixed 1.13.3-12.3.1
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
- affected < 1.13.3-12.6.1fixed 1.13.3-12.6.1
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.