Nagios

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28904 1Nagios 1Fusion Nov 21, 2024 May 24, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
CVE-2020-28903 1Nagios 1Fusion Nov 21, 2024 May 24, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS.
CVE-2020-28902 1Nagios 1Fusion Nov 21, 2024 May 24, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
CVE-2020-28901 1Nagios 1Fusion Nov 21, 2024 May 24, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
CVE-2020-28900 1Nagios 2Fusion Nagios Xi Nov 21, 2024 May 24, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update p...Show more Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.Show less
CVE-2021-28925 1Nagios 1Network Analyzer Nov 21, 2024 Apr 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
CVE-2021-28924 1Nagios 1Network Analyzer Nov 21, 2024 Apr 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
CVE-2021-3273 1Nagios 1Nagios Xi Nov 21, 2024 Feb 25, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
CVE-2020-24899 1Nagios 1Nagios Xi Nov 21, 2024 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
CVE-2020-22427 1Nagios 1Nagios Xi Nov 21, 2024 Feb 15, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references ar...Show more NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later timeShow less
CVE-2021-25299 1Nagios 1Nagios Xi Nov 21, 2024 Feb 15, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously c...Show more Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.Show less
CVE-2021-25298 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-25297 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated use...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-25296 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authentic...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-26024 1Nagios 1Favorites Nov 21, 2024 Feb 3, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
CVE-2021-26023 1Nagios 1Favorites Nov 21, 2024 Feb 3, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
CVE-2021-3193 1Nagios 1Nagios Xi Nov 21, 2024 Jan 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVE-2020-25385 1Nagios 1Log Server Nov 21, 2024 Jan 20, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or...Show more Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.Show less
CVE-2020-35578 1Nagios 1Nagios Xi Nov 21, 2024 Jan 13, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-syst...Show more An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.Show less
CVE-2020-35269 1Nagios 1Nagios Core Nov 21, 2024 Dec 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.

Previous 1...91011...16 Next