← Back

Nagios

nagios

301 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Nagios Xi
nagios_xi
192 CVEs
Nagios
nagios
37 CVEs
Log Server
log_server
23 CVEs
Fusion
fusion
19 CVEs
Network Analyzer
network_analyzer
7 CVEs
Nagios Core
nagios_core
5 CVEs
Plugins
plugins
3 CVEs
Remote Plug In Executor
remote_plug_in_executor
3 CVEs
Incident Manager
incident_manager
3 CVEs
Favorites
favorites
2 CVEs
Nagios Cross Platform Agent
nagios_cross_platform_agent
2 CVEs
Remote Plugin Executor
remote_plugin_executor
1 CVE
Business Process Intelligence
business_process_intelligence
1 CVE
Nagios Xi Switch Wizard
nagios_xi_switch_wizard
1 CVE
Nagios Xi Watchguard Wizard
nagios_xi_watchguard_wizard
1 CVE
Nagios Xi Docker Wizard
nagios_xi_docker_wizard
1 CVE
Ndoutils
ndoutils
1 CVE
Nagios Network Analyzer
nagios_network_analyzer
1 CVE

CVEs (301)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-37352
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to c...Show more
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.Show less
CVE-2021-37351
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
CVE-2021-37350
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
CVE-2021-37349
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
CVE-2021-37348
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
CVE-2021-37347
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
CVE-2021-37346
1Nagios
1Nagios Xi Watchguard Wizard
Nov 21, 2024
Aug 13, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
CVE-2021-37345
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
CVE-2021-37344
1Nagios
1Nagios Xi Switch Wizard
Nov 21, 2024
Aug 13, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
CVE-2021-37343
1Nagios
1Nagios Xi
Nov 21, 2024
Aug 13, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
CVE-2021-35479
1Nagios
1Log Server
Nov 21, 2024
Jul 30, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web p...Show more
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.Show less
CVE-2021-35478
1Nagios
1Log Server
Nov 21, 2024
Jul 30, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-...Show more
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.Show less
CVE-2021-3277
1Nagios
1Nagios Xi
Nov 21, 2024
Jun 7, 2021
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php...Show more
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.Show less
CVE-2020-28911
1Nagios
1Fusion
Nov 21, 2024
May 24, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
CVE-2020-28910
1Nagios
1Nagios Xi
Nov 21, 2024
May 24, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
CVE-2020-28909
1Nagios
1Fusion
Nov 21, 2024
May 24, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.
CVE-2020-28908
1Nagios
1Fusion
Nov 21, 2024
May 24, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
CVE-2020-28907
1Nagios
1Fusion
Nov 21, 2024
May 24, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh...Show more
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.Show less
CVE-2020-28906
1Nagios
2Fusion
Nagios Xi
Nov 21, 2024
May 24, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scri...Show more
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.Show less
CVE-2020-28905
1Nagios
1Fusion
Nov 21, 2024
May 24, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.