Pnp4nagios
by Lingej
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16834 | | Hig | 0.51 | 7.8 | 0.00 | | Nov 16, 2017 | PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. |
| CVE-2023-38349 | | | 0.00 | — | 0.00 | | Jul 15, 2023 | PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26. |
| CVE-2023-38350 | | | 0.00 | — | 0.00 | | Jul 15, 2023 | PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26. |
| CVE-2014-4908 | | | 0.00 | — | 0.02 | | Jul 11, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php,… |
| CVE-2012-3457 | | | 0.00 | — | 0.00 | | Aug 12, 2012 | PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. |