Filtered by vendor Nagios
Subscribe
Total
173 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28909 | 1 Nagios | 1 Fusion | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo. | |||||
CVE-2021-37353 | 1 Nagios | 1 Nagios Xi Docker Wizard | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | |||||
CVE-2020-5792 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | |||||
CVE-2021-3273 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system. | |||||
CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | |||||
CVE-2021-26024 | 1 Nagios | 2 Favorites, Nagios Xi | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | |||||
CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | |||||
CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | |||||
CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | |||||
CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | |||||
CVE-2021-25299 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. | |||||
CVE-2021-25296 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
CVE-2021-26023 | 1 Nagios | 2 Favorites, Nagios Xi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | |||||
CVE-2021-25298 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | |||||
CVE-2020-35269 | 1 Nagios | 1 Nagios Core | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. | |||||
CVE-2020-25385 | 1 Nagios | 1 Log Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | |||||
CVE-2021-25297 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | |||||
CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. |