Filtered by vendor Nagios
Total: 184 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38156 | 1 Nagios | 1 Nagios Xi | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | |||||
CVE-2019-3698 | 3 Nagios, Opensuse, Suse | 4 Nagios, Backports Sle, Leap and 1 more | 2021-09-14 | 6.9 MEDIUM | 7.0 HIGH |
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. | |||||
CVE-2021-37353 | 1 Nagios | 1 Nagios Xi Docker Wizard | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | |||||
CVE-2021-37346 | 1 Nagios | 1 Nagios Xi Watchguard Wizard | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). | |||||
CVE-2021-37344 | 1 Nagios | 1 Nagios Xi Switch Wizard | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). | |||||
CVE-2021-37352 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | |||||
CVE-2021-37351 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | |||||
CVE-2021-37350 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation. | |||||
CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | |||||
CVE-2021-37345 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | |||||
CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by the nagios user. This issue was fixed in version 5.7.3. | |||||
CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a normal webapp query. | |||||
CVE-2021-3277 | 1 Nagios | 1 Nagios Xi | 2021-06-15 | 6.5 MEDIUM | 7.2 HIGH |
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | |||||
CVE-2020-28907 | 1 Nagios | 1 Fusion | 2021-06-03 | 10.0 HIGH | 9.8 CRITICAL |
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh. | |||||
CVE-2020-28908 | 1 Nagios | 1 Fusion | 2021-06-03 | 7.5 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. | |||||
CVE-2020-28909 | 1 Nagios | 1 Fusion | 2021-06-03 | 9.0 HIGH | 8.8 HIGH |
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileged users are able to modify files that can be executed by sudo. | |||||
CVE-2020-28911 | 1 Nagios | 1 Fusion | 2021-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | |||||
CVE-2020-28902 | 1 Nagios | 1 Fusion | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | |||||
CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | |||||
CVE-2020-28903 | 1 Nagios | 1 Fusion | 2021-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. |