cbcvebase.

Debian Nagios-Nrpe vulnerabilities

4 known vulnerabilities affecting debian/nagios-nrpe.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2LOW2

Vulnerabilities

Page 1 of 1
CVE-2013-1362P2LOWCVSS 7.5PoCfixed in nagios-nrpe 2.13-3 (bookworm)2013
CVE-2013-1362 [HIGH] CVE-2013-1362: nagios-nrpe - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (... Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash. Scope: local bookworm: resolved (fixed in 2.13-3) bullseye: resolved (fixed in 2.13-3) forky: resolved (fixed in 2.13-3) sid: resolved (fixed
debian
CVE-2014-2913P3LOWCVSS 7.5PoCfixed in nagios-nrpe 2.15-1 (bookworm)2014
CVE-2014-2913 [HIGH] CVE-2014-2913: nagios-nrpe - Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (N... Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue ca
debian
CVE-2020-6582P3HIGHCVSS 7.5fixed in nagios-nrpe 4.0.0-1 (bookworm)2020
CVE-2020-6582 [HIGH] CVE-2020-6582: nagios-nrpe - Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpret... Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. Scope: local bookworm: resolved (fixed in 4.0.0-1) bullseye: resolved (fixed in 4.0.0-1) forky: resolved (fixed in 4.0.0-1) sid: resolved (fixed in 4.0.0-1) trixie: resolved (fixed in 4.0.0-1)
debian
CVE-2020-6581P3HIGHCVSS 7.3fixed in nagios-nrpe 4.0.0-1 (bookworm)2020
CVE-2020-6581 [HIGH] CVE-2020-6581: nagios-nrpe - Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metacha... Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. Scope: local bookworm: resolved (fixed in 4.0.0-1) bullseye: resolved (fixed in 4.0.0-1) forky: resolved (fixed in 4.0.0-1) sid: resolved (fixed in 4.0.0-1) trixi
debian
Debian Nagios-Nrpe vulnerabilities | cvebase