Published: 15 December 2016
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
CVSS 3 base score: 9.8
80_dont_call_home.patch removes RSS news feeds and update checks