Nagios
by Nagios
CVEs (124)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51072 | | | 0.00 | — | 0.01 | | Feb 2, 2024 | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows… |
| CVE-2023-40934 | | | 0.00 | — | 0.06 | | Sep 19, 2023 | A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. |
| CVE-2023-40932 | | | 0.00 | — | 0.02 | | Sep 19, 2023 | A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the… |
| CVE-2020-23992 | | | 0.00 | — | 0.02 | | Aug 22, 2023 | Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. |
| CVE-2022-29272 | | | 0.00 | — | 0.04 | | Jun 29, 2022 | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. |
| CVE-2022-29269 | | | 0.00 | — | 0.03 | | Jun 29, 2022 | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. |
| CVE-2021-36365 | | | 0.00 | — | 0.04 | | Sep 28, 2021 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. |
| CVE-2021-37345 | | | 0.00 | — | 0.01 | | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. |
| CVE-2021-37347 | | | 0.00 | — | 0.01 | | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. |
| CVE-2021-37349 | | | 0.00 | — | 0.01 | | Aug 13, 2021 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. |
| CVE-2021-37352 | | | 0.00 | — | 0.06 | | Aug 13, 2021 | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. |
| CVE-2020-28906 | | | 0.00 | — | 0.05 | | May 24, 2021 | Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root. |
| CVE-2021-26024 | | | 0.00 | — | 0.19 | | Feb 3, 2021 | The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. |
| CVE-2020-27991 | | | 0.00 | — | 0.22 | | Nov 16, 2020 | Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). |
| CVE-2020-27990 | | | 0.00 | — | 0.22 | | Nov 16, 2020 | Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). |
| CVE-2020-27989 | | | 0.00 | — | 0.22 | | Nov 16, 2020 | Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). |
| CVE-2020-10820 | | | 0.00 | — | 0.30 | | Mar 22, 2020 | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. |
| CVE-2019-3698 | | | 0.00 | — | 0.01 | | Feb 28, 2020 | UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This… |
| CVE-2018-17147 | | | 0.00 | — | 0.03 | | Jul 10, 2019 | Nagios XI before 5.5.4 has XSS in the auto login admin management page. |
| CVE-2018-17146 | | | 0.00 | — | 0.04 | | Jun 19, 2019 | A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. |
Page 5 of 7