VYPR

Nagios

by Nagios

CVEs (124)

  • CVE-2023-51072 (Feb 2, 2024)
    risk 0.00 cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows…

  • CVE-2023-40934 (Sep 19, 2023)
    risk 0.00 cvss epss 0.06

    A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.

  • CVE-2023-40932 (Sep 19, 2023)
    risk 0.00 cvss epss 0.02

    A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar including the…

  • CVE-2020-23992 (Aug 22, 2023)
    risk 0.00 cvss epss 0.02

    Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.

  • CVE-2022-29272 (Jun 29, 2022)
    risk 0.00 cvss epss 0.04

    In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

  • CVE-2022-29269 (Jun 29, 2022)
    risk 0.00 cvss epss 0.03

    In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.

  • CVE-2021-36365 (Sep 28, 2021)
    risk 0.00 cvss epss 0.04

    Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.

  • CVE-2021-37345 (Aug 13, 2021)
    risk 0.00 cvss epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

  • CVE-2021-37347 (Aug 13, 2021)
    risk 0.00 cvss epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

  • CVE-2021-37349 (Aug 13, 2021)
    risk 0.00 cvss epss 0.01

    Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

  • CVE-2021-37352 (Aug 13, 2021)
    risk 0.00 cvss epss 0.06

    An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.

  • CVE-2020-28906 (May 24, 2021)
    risk 0.00 cvss epss 0.05

    Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

  • CVE-2021-26024 (Feb 3, 2021)
    risk 0.00 cvss epss 0.19

    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.

  • CVE-2020-27991 (Nov 16, 2020)
    risk 0.00 cvss epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

  • CVE-2020-27990 (Nov 16, 2020)
    risk 0.00 cvss epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

  • CVE-2020-27989 (Nov 16, 2020)
    risk 0.00 cvss epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

  • CVE-2020-10820 (Mar 22, 2020)
    risk 0.00 cvss epss 0.30

    Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.

  • CVE-2019-3698 (Feb 28, 2020)
    risk 0.00 cvss epss 0.01

    UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This…

  • CVE-2018-17147 (Jul 10, 2019)
    risk 0.00 cvss epss 0.03

    Nagios XI before 5.5.4 has XSS in the auto login admin management page.

  • CVE-2018-17146 (Jun 19, 2019)
    risk 0.00 cvss epss 0.04

    A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
