GCVE - cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios Core (`1a656bda-c87f-5963-af66-e79f02935cc9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.704135
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.704138

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-13458`	vulnerable	2026-06-03 14:38:10.596221	Details available qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. Published: 2018-07-12T18:00:00.000Z Updated: 2024-08-05T09:00:35.067Z Open on db.gcve.eu Reference links https://knowledge.opsview.com/v5.4/docs/whats-new https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e https://www.exploit-db.com/exploits/45082/ https://knowledge.opsview.com/v5.3/docs/whats-new http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-13457`	vulnerable	2026-06-03 14:38:10.595751	Details available qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. Published: 2018-07-12T18:00:00.000Z Updated: 2024-08-05T09:00:35.143Z Open on db.gcve.eu Reference links https://knowledge.opsview.com/v5.4/docs/whats-new https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab https://www.exploit-db.com/exploits/45082/ https://knowledge.opsview.com/v5.3/docs/whats-new http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14312`	vulnerable	2026-06-03 14:36:38.827313	Details available Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. Published: 2017-09-11T22:00:00.000Z Updated: 2024-08-05T19:20:41.568Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/201812-03 https://github.com/NagiosEnterprises/nagioscore/issues/424 http://www.securityfocus.com/bid/100881	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.