Nagios

All CVEs

293 total · sorted by risk
  • CVE-2021-26024 · Feb 3, 2021
    risk 0.00 · cvss · epss 0.19

    The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.

  • CVE-2020-27991 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

  • CVE-2020-27990 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

  • CVE-2020-27989 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.22

    Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

  • CVE-2020-5796 · Nov 13, 2020
    risk 0.00 · cvss · epss 0.02

    Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

  • CVE-2020-5790 · Oct 20, 2020
    risk 0.00 · cvss · epss 0.02

    Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

  • CVE-2020-13977 · Jun 9, 2020
    risk 0.00 · cvss · epss 0.03

    Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this…

  • CVE-2020-10820 · Mar 22, 2020
    risk 0.00 · cvss · epss 0.30

    Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.

  • CVE-2020-6582 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.04

    Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

  • CVE-2020-6581 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.02

    Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

  • CVE-2020-6584 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.04

    Nagios Log Server 2.1.3 has Incorrect Access Control.

  • CVE-2020-6585 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.01

    Nagios Log Server 2.1.3 has CSRF.

  • CVE-2019-3698 · Feb 28, 2020
    risk 0.00 · cvss · epss 0.01

    UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This…

  • CVE-2019-15898 · Sep 3, 2019
    risk 0.00 · cvss · epss 0.02

    Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.

  • CVE-2018-17147 · Jul 10, 2019
    risk 0.00 · cvss · epss 0.03

    Nagios XI before 5.5.4 has XSS in the auto login admin management page.

  • CVE-2018-17146 · Jun 19, 2019
    risk 0.00 · cvss · epss 0.04

    A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.

  • CVE-2018-17148 · Jun 19, 2019
    risk 0.00 · cvss · epss 0.04

    An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

  • CVE-2019-9166 · Mar 28, 2019
    risk 0.00 · cvss · epss 0.01

    Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

  • CVE-2019-9203 · Mar 28, 2019
    risk 0.00 · cvss · epss 0.20

    Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

  • CVE-2019-9204 · Mar 28, 2019
    risk 0.00 · cvss · epss 0.20

    SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.

  • CVE-2018-18245 · Dec 17, 2018
    risk 0.00 · cvss · epss 0.03

    Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

  • CVE-2018-20171 · Dec 17, 2018
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.

  • CVE-2018-20172 · Dec 17, 2018
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.

  • CVE-2018-15713 · Nov 14, 2018
    risk 0.00 · cvss · epss 0.07

    Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

  • CVE-2014-4702 · Dec 5, 2014
    risk 0.00 · cvss · epss 0.00

    The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.

  • CVE-2014-4701 · Dec 5, 2014
    risk 0.00 · cvss · epss 0.01

    The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.

  • CVE-2014-8994 · Nov 28, 2014
    risk 0.00 · cvss · epss 0.00

    The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).

  • CVE-2013-4215 · May 5, 2014
    risk 0.00 · cvss · epss 0.00

    The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.

  • CVE-2014-1878 · Feb 28, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to…

  • CVE-2013-2214 · Feb 10, 2014
    risk 0.00 · cvss · epss 0.04

    status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2)…

  • CVE-2013-7205 · Jan 15, 2014
    risk 0.00 · cvss · epss 0.04

    Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in…

  • CVE-2013-4214 · Nov 23, 2013
    risk 0.00 · cvss · epss 0.00

    rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

  • CVE-2011-1523 · May 3, 2011
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.

  • CVE-2008-6373 · Mar 2, 2009
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."

  • CVE-2008-5028 · Nov 10, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

  • CVE-2008-4796 · Oct 30, 2008
    risk 0.00 · cvss · epss 0.09

    The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell…

  • CVE-2007-5803 · May 13, 2008
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.

  • CVE-2008-1360 · Mar 17, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.

  • CVE-2007-5624 · Oct 23, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.

  • CVE-2007-5623 · Oct 23, 2007
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.

  • CVE-2006-2489 · May 19, 2006
    risk 0.00 · cvss · epss 0.05

    Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than…

  • CVE-2006-2162 · May 3, 2006
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.

  • CVE-2002-1959 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.04

    Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.

Page 6 of 6