← Back

Nagios

nagios

301 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Nagios Xi
nagios_xi
192 CVEs
Nagios
nagios
37 CVEs
Log Server
log_server
23 CVEs
Fusion
fusion
19 CVEs
Network Analyzer
network_analyzer
7 CVEs
Nagios Core
nagios_core
5 CVEs
Plugins
plugins
3 CVEs
Remote Plug In Executor
remote_plug_in_executor
3 CVEs
Incident Manager
incident_manager
3 CVEs
Favorites
favorites
2 CVEs
Nagios Cross Platform Agent
nagios_cross_platform_agent
2 CVEs
Remote Plugin Executor
remote_plugin_executor
1 CVE
Business Process Intelligence
business_process_intelligence
1 CVE
Nagios Xi Switch Wizard
nagios_xi_switch_wizard
1 CVE
Nagios Xi Watchguard Wizard
nagios_xi_watchguard_wizard
1 CVE
Nagios Xi Docker Wizard
nagios_xi_docker_wizard
1 CVE
Ndoutils
ndoutils
1 CVE
Nagios Network Analyzer
nagios_network_analyzer
1 CVE

CVEs (301)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-18245
2Debian
Nagios
2Debian Linux
Nagios Core
Nov 21, 2024
Dec 17, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
CVE-2018-15714
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2018-15713
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-15712
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2018-15711
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
CVE-2018-15710
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2018-15709
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-15708
1Nagios
1Nagios Xi
Nov 21, 2024
Nov 14, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2016-8641
1Nagios
1Nagios
Nov 21, 2024
Aug 1, 2018
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create...Show more
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.Show less
CVE-2018-13458
1Nagios
1Nagios Core
Nov 21, 2024
Jul 12, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...Show more
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.Show less
CVE-2018-13457
1Nagios
1Nagios Core
Nov 21, 2024
Jul 12, 2018
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket...Show more
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.Show less
CVE-2018-13441
1Nagios
1Nagios
Nov 21, 2024
Jul 12, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX...Show more
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.Show less
CVE-2018-12501
1Nagios
1Fusion
Nov 21, 2024
Jun 16, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
CVE-2018-10738
1Nagios
1Nagios Xi
Nov 21, 2024
May 16, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
CVE-2018-10737
1Nagios
1Nagios Xi
Nov 21, 2024
May 16, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
CVE-2018-10736
1Nagios
1Nagios Xi
Nov 21, 2024
May 16, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
CVE-2018-10735
1Nagios
1Nagios Xi
Nov 21, 2024
May 16, 2018
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
CVE-2018-10554
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 30, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/compone...Show more
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.Show less
CVE-2018-10553
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 30, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.
CVE-2018-8736
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 18, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.