VYPR

NRPE

by Nagios

CVEs (4)

  • CVE-2013-1362Jul 9, 2013
    risk 0.08cvss epss 0.66

    Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

  • CVE-2014-2913May 7, 2014
    risk 0.04cvss epss 0.15

    Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has…

  • CVE-2020-6582Mar 16, 2020
    risk 0.00cvss epss 0.04

    Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

  • CVE-2020-6581Mar 16, 2020
    risk 0.00cvss epss 0.02

    Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.