GCVE - cpe:2.3:a:nagios:nagios:3.4.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios:3.4.4:*:*:*:*:*:*:*

part: a version: 3.4.4 update: *

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios (`50575199-1514-50c1-89a9-fe9479fd126c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/nagios4`	purl2cpe	2026-06-01 10:14:43.799469
`pkg:deb/ubuntu/nagios4`	purl2cpe	2026-06-01 10:14:43.799470
`pkg:github/nagiosenterprises/nagioscore`	purl2cpe	2026-06-01 10:14:43.799472
`pkg:rpm/fedora/nagios`	purl2cpe	2026-06-01 10:14:43.799473
`pkg:rpm/opensuse/nagios`	purl2cpe	2026-06-01 10:14:43.799474
`pkg:sourceforge/nagios`	purl2cpe	2026-06-01 10:14:43.799476

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4214`	vulnerable	2026-06-03 14:33:10.306448	Details available rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Published: 2013-11-23T17:00:00.000Z Updated: 2024-08-06T16:38:01.466Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2013-1526.html https://bugzilla.redhat.com/show_bug.cgi?id=958002 https://www.nagios.org/projects/nagios-core/history/4x/ http://www.securityfocus.com/bid/61747	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2214`	vulnerable	2026-06-03 14:32:59.895610	Details available status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. Published: 2014-02-10T23:00:00.000Z Updated: 2024-08-06T15:27:41.093Z Open on db.gcve.eu Reference links http://seclists.org/oss-sec/2013/q2/622 http://lists.opensuse.org/opensuse-updates/2013-07/msg00029.html http://seclists.org/oss-sec/2013/q2/619 http://lists.opensuse.org/opensuse-updates/2013-07/msg00031.html http://tracker.nagios.org/view.php?id=456	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.