Nagios

Remote Plug In Executor

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2020-6581

Exploit
  • EPSS 0.27%
  • Veröffentlicht 16.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:00

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

7.5

CVE-2020-6582

Exploit
  • EPSS 1.65%
  • Veröffentlicht 16.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:00

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

7.5

CVE-2013-1362

  • EPSS 76.44%
  • Veröffentlicht 09.07.2013 17:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.