GCVE - cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios:4.0.0:beta3:*:*:*:*:*:*

part: a version: 4.0.0 update: beta3

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios (`50575199-1514-50c1-89a9-fe9479fd126c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/nagios4`	purl2cpe	2026-06-01 10:14:43.823024
`pkg:deb/ubuntu/nagios4`	purl2cpe	2026-06-01 10:14:43.823026
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.823027
`pkg:rpm/fedora/nagios`	purl2cpe	2026-06-01 10:14:43.823029
`pkg:rpm/opensuse/nagios`	purl2cpe	2026-06-01 10:14:43.823030
`pkg:sourceforge/nagios`	purl2cpe	2026-06-01 10:14:43.823031

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-1878`	vulnerable	2026-06-03 14:33:48.748330	Details available Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. Published: 2014-02-28T15:00:00.000Z Updated: 2024-08-06T09:58:16.149Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html https://dev.icinga.org/issues/5434 https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6 https://bugzilla.redhat.com/show_bug.cgi?id=1066578 http://www.securityfocus.com/bid/65605	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2214`	vulnerable	2026-06-03 14:32:59.897852	Details available status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. Published: 2014-02-10T23:00:00.000Z Updated: 2024-08-06T15:27:41.093Z Open on db.gcve.eu Reference links http://seclists.org/oss-sec/2013/q2/622 http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html http://seclists.org/oss-sec/2013/q2/619 http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html http://tracker.nagios.org/view.php?id=456	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.