Plugins
by Nagios
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37154 | Hig | 0.48 | 8.4 | 0.00 | Oct 9, 2024 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. | ||
| CVE-2026-6342 | Med | 0.28 | 4.3 | 0.00 | May 18, 2026 | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost… | ||
| CVE-2007-5198 | 0.04 | — | 0.08 | Oct 4, 2007 | Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | |||
| CVE-2014-4703 | 0.03 | — | 0.01 | Dec 5, 2014 | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | |||
| CVE-2014-4702 | 0.00 | — | 0.00 | Dec 5, 2014 | The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | |||
| CVE-2014-4701 | 0.00 | — | 0.01 | Dec 5, 2014 | The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | |||
| CVE-2013-4215 | 0.00 | — | 0.00 | May 5, 2014 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||
| CVE-2007-5623 | 0.00 | — | 0.03 | Oct 23, 2007 | Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
- risk 0.48cvss 8.4epss 0.00
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.
- risk 0.28cvss 4.3epss 0.00
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost…
- CVE-2007-5198Oct 4, 2007risk 0.04cvss —epss 0.08
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
- CVE-2014-4703Dec 5, 2014risk 0.03cvss —epss 0.01
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
- CVE-2014-4702Dec 5, 2014risk 0.00cvss —epss 0.00
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
- CVE-2014-4701Dec 5, 2014risk 0.00cvss —epss 0.01
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
- CVE-2013-4215May 5, 2014risk 0.00cvss —epss 0.00
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
- CVE-2007-5623Oct 23, 2007risk 0.00cvss —epss 0.03
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.