GCVE - cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*

part: a version: 2.3 update: *

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios (`50575199-1514-50c1-89a9-fe9479fd126c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/nagios4`	purl2cpe	2026-06-01 10:14:43.785088
`pkg:deb/ubuntu/nagios4`	purl2cpe	2026-06-01 10:14:43.785090
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.785091
`pkg:rpm/fedora/nagios`	purl2cpe	2026-06-01 10:14:43.785093
`pkg:rpm/opensuse/nagios`	purl2cpe	2026-06-01 10:14:43.785094
`pkg:sourceforge/nagios`	purl2cpe	2026-06-01 10:14:43.785095

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1523`	vulnerable	2026-06-03 14:31:02.183389	Details available Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. Published: 2011-05-03T19:00:00.000Z Updated: 2024-08-06T22:28:41.906Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/8241 http://secunia.com/advisories/43287 https://bugzilla.redhat.com/show_bug.cgi?id=690877 http://tracker.nagios.org/view.php?id=207 http://www.rul3z.de/advisories/SSCHADV2011-002.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-6373`	vulnerable	2026-06-03 14:29:13.223101	Details available Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Published: 2009-03-02T19:00:00.000Z Updated: 2024-08-07T11:27:35.625Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/news/#88 http://www.securitytracker.com/id?1022165 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://www.nagios.org/development/history/nagios-3x.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5028`	vulnerable	2026-06-03 14:29:07.074610	Details available Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:16.763Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel https://exchange.xforce.ibmcloud.com/vulnerabilities/46521 http://security.gentoo.org/glsa/glsa-200907-15.xml http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5027`	vulnerable	2026-06-03 14:29:07.049680	Details available The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. Published: 2008-11-10T15:00:00.000Z Updated: 2024-08-07T10:40:17.262Z Open on db.gcve.eu Reference links http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.vupen.com/english/advisories/2008/3364 http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/development/history/nagios-3x.php http://secunia.com/advisories/33320	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1360`	vulnerable	2026-06-03 14:28:40.285968	Details available Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624. Published: 2008-03-17T17:00:00.000Z Updated: 2024-08-07T08:17:34.572Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2008/0900/references http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 http://secunia.com/advisories/29363 http://www.nagios.org/development/changelog.php#2x_branch	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-5803`	vulnerable	2026-06-03 14:28:27.897818	Details available Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. Published: 2008-05-13T23:00:00.000Z Updated: 2024-08-07T15:47:00.589Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html https://exchange.xforce.ibmcloud.com/vulnerabilities/42522 http://secunia.com/advisories/30202 http://www.vupen.com/english/advisories/2008/1567/references http://sourceforge.net/project/shownotes.php?release_id=600377&group_id=26589	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2489`	vulnerable	2026-06-03 14:27:32.407817	Details available Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. Published: 2006-05-19T23:00:00.000Z Updated: 2024-08-07T17:51:04.646Z Open on db.gcve.eu Reference links http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 http://www.debian.org/security/2006/dsa-1072 http://www.nagios.org/development/changelog.php https://usn.ubuntu.com/287-1/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.