← Back

Nagios

nagios

301 CVEs • 18 products

Products (18)

Click to collapse
Toggle
Nagios Xi
nagios_xi
192 CVEs
Nagios
nagios
37 CVEs
Log Server
log_server
23 CVEs
Fusion
fusion
19 CVEs
Network Analyzer
network_analyzer
7 CVEs
Nagios Core
nagios_core
5 CVEs
Plugins
plugins
3 CVEs
Remote Plug In Executor
remote_plug_in_executor
3 CVEs
Incident Manager
incident_manager
3 CVEs
Favorites
favorites
2 CVEs
Nagios Cross Platform Agent
nagios_cross_platform_agent
2 CVEs
Remote Plugin Executor
remote_plugin_executor
1 CVE
Business Process Intelligence
business_process_intelligence
1 CVE
Nagios Xi Switch Wizard
nagios_xi_switch_wizard
1 CVE
Nagios Xi Watchguard Wizard
nagios_xi_watchguard_wizard
1 CVE
Nagios Xi Docker Wizard
nagios_xi_docker_wizard
1 CVE
Ndoutils
ndoutils
1 CVE
Nagios Network Analyzer
nagios_network_analyzer
1 CVE

CVEs (301)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-8735
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 18, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
CVE-2018-8734
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 18, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
CVE-2018-8733
1Nagios
1Nagios Xi
Nov 21, 2024
Apr 18, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection v...Show more
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.Show less
CVE-2015-3618
1Nagios
1Business Process Intelligence
Nov 21, 2024
Feb 6, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
CVE-2017-14312
1Nagios
1Nagios Core
May 13, 2026
Sep 11, 2017
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account),...Show more
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.Show less
CVE-2017-12847
1Nagios
1Nagios
May 13, 2026
Aug 23, 2017
N/A· v4
6.3 MEDIUM· v3
6.3 MEDIUM· v2
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios....Show more
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.Show less
CVE-2016-0726
1Nagios
1Nagios
May 13, 2026
Jun 6, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
CVE-2016-6209
1Nagios
1Nagios
May 13, 2026
Mar 31, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Nagios.
CVE-2014-5009
3Nagios
RedhatSnoopy
3Nagios
OpenstackSnoopy
May 13, 2026
Mar 31, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2008-7313
3Nagios
RedhatSnoopy
3Nagios
OpenstackSnoopy
May 13, 2026
Mar 31, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2016-10089
1Nagios
1Nagios
May 13, 2026
Feb 15, 2017
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
CVE-2016-9566
1Nagios
1Nagios
May 6, 2026
Dec 15, 2016
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers u...Show more
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.Show less
CVE-2016-9565
1Nagios
1Nagios
May 6, 2026
Dec 15, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulne...Show more
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.Show less
CVE-2014-4703
1Nagios
1Nagios
May 6, 2026
Dec 5, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete...Show more
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.Show less
CVE-2014-4702
1Nagios
1Nagios
May 6, 2026
Dec 5, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.
CVE-2014-4701
1Nagios
1Nagios
May 6, 2026
Dec 5, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
CVE-2014-2913
2Nagios
Opensuse
2Opensuse
Remote Plugin Executor
May 6, 2026
May 7, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe....Show more
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the commentsShow less
CVE-2013-4215
1Nagios
1Plugins
May 6, 2026
May 5, 2014
N/A· v4
N/A· v3
4.4 MEDIUM· v2
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
CVE-2014-1878
2Icinga
Nagios
2Icinga
Nagios
Apr 29, 2026
Feb 28, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a den...Show more
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.Show less
CVE-2013-2214
1Nagios
1Nagios
Apr 29, 2026
Feb 10, 2014
N/A· v4
N/A· v3
4.0 MEDIUM· v2
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information...Show more
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1.Show less