
Nagios

Nagios is an open-source network and infrastructure monitoring system. It monitors hosts, services, and network devices, sending alerts when components fail and again when they recover. Originally written by Ethan Galstad in 1999 as NetSaint, it was renamed Nagios in 2002 after a trademark dispute. The name is a recursive acronym: "Nagios Ain't Gonna Insist On Sainthood."

Founded: 1999
Products: 25
CVEs: 293
Across products: 346
Status: Private

Recent CVEs

  • CVE-2018-8734 | Critical | Apr 18, 2018
    risk 0.71 | cvss 9.8 | epss 0.53

    SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

  • CVE-2018-8733 | Critical | Apr 18, 2018
    risk 0.69 | cvss 9.8 | epss 0.28

    Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.

  • CVE-2016-9565 | Critical | Dec 15, 2016
    risk 0.69 | cvss 9.8 | epss 0.23

    MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2018-8735 | High | Apr 18, 2018
    risk 0.65 | cvss 8.8 | epss 0.64

    Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.

  • CVE-2023-53948 | Critical | Dec 19, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a…

  • CVE-2012-10029 | High | Aug 5, 2025
    risk 0.64 | cvss (not listed) | epss 0.03

    Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution.

  • CVE-2018-8736 | High | Apr 18, 2018
    risk 0.64 | cvss 8.8 | epss 0.47

    A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.

  • CVE-2016-0726 | Critical | Jun 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

  • CVE-2008-7313 | Critical | Mar 31, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.

  • CVE-2014-5009 | Critical | Mar 31, 2017
    risk 0.57 | cvss 9.8 | epss 0.05

    Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.

  • CVE-2016-9566 | High | Dec 15, 2016
    risk 0.54 | cvss 7.8 | epss 0.05

    base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

  • CVE-2017-14312 | High | Sep 11, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging…

  • CVE-2016-10089 | High | Feb 15, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.

  • CVE-2018-10738 | High | May 16, 2018
    risk 0.50 | cvss 7.2 | epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

  • CVE-2018-10737 | High | May 16, 2018
    risk 0.50 | cvss 7.2 | epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

  • CVE-2018-10736 | High | May 16, 2018
    risk 0.50 | cvss 7.2 | epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

  • CVE-2018-10735 | High | May 16, 2018
    risk 0.50 | cvss 7.2 | epss 0.43

    A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.

  • CVE-2023-37154 | High | Oct 9, 2024
    risk 0.48 | cvss 8.4 | epss 0.00

    check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.

  • CVE-2018-10553 | Medium | Apr 30, 2018
    risk 0.45 | cvss 6.5 | epss 0.39

    An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.

  • CVE-2017-12847 | Medium | Aug 23, 2017
    risk 0.41 | cvss 6.3 | epss 0.01

    Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill…