VYPR

Nagios

by Nagios

CVEs (124)

  • CVE-2022-38249 (Sep 7, 2022)
    risk 0.03 | cvss | epss 0.02

    Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.

  • CVE-2022-38251 (Sep 7, 2022)
    risk 0.03 | cvss | epss 0.02

    Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.

  • CVE-2022-38254 (Sep 7, 2022)
    risk 0.03 | cvss | epss 0.02

    Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

  • CVE-2021-33177 (Oct 14, 2021)
    risk 0.03 | cvss | epss 0.10

    The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries.

  • CVE-2021-37350 (Aug 13, 2021)
    risk 0.03 | cvss | epss 0.79

    Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation.

  • CVE-2020-15901 (Jul 22, 2020)
    risk 0.03 | cvss | epss 0.22

    In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.

  • CVE-2020-15902 (Jul 22, 2020)
    risk 0.03 | cvss | epss 0.35

    Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.

  • CVE-2019-20197 (Dec 31, 2019)
    risk 0.03 | cvss | epss 0.22

    In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.

  • CVE-2019-9202 (Mar 28, 2019)
    risk 0.03 | cvss | epss 0.24

    Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.

  • CVE-2014-4703 (Dec 5, 2014)
    risk 0.03 | cvss | epss 0.01

    lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.

  • CVE-2024-24402 (Feb 26, 2024)
    risk 0.02 | cvss | epss 0.03

    An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.

  • CVE-2021-3273 (Feb 25, 2021)
    risk 0.02 | cvss | epss 0.06

    Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

  • CVE-2021-3193 (Jan 22, 2021)
    risk 0.02 | cvss | epss 0.10

    Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.

  • CVE-2020-10821 (Mar 22, 2020)
    risk 0.02 | cvss | epss 0.74

    Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.

  • CVE-2018-15712 (Nov 14, 2018)
    risk 0.02 | cvss | epss 0.49

    Nagios XI 5.5.6 allows reflected cross-site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

  • CVE-2018-15711 (Nov 14, 2018)
    risk 0.02 | cvss | epss 0.36

    Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

  • CVE-2018-15714 (Nov 14, 2018)
    risk 0.02 | cvss | epss 0.04

    Nagios XI 5.5.6 allows reflected cross-site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

  • CVE-2023-40933 (Sep 19, 2023)
    risk 0.01 | cvss | epss 0.05

    A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

  • CVE-2021-36366 (Sep 28, 2021)
    risk 0.01 | cvss | epss 0.04

    Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.

  • CVE-2021-36364 (Sep 28, 2021)
    risk 0.01 | cvss | epss 0.04

    Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
