Total: 18 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2023-12-19 | N/A | 9.8 CRITICAL |
| Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | |||||
| CVE-2023-48085 | 1 Nagios | 1 Nagios Xi | 2023-12-19 | N/A | 9.8 CRITICAL |
| Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | |||||
| CVE-2020-28910 | 1 Nagios | 1 Nagios Xi | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | |||||
| CVE-2021-36364 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | |||||
| CVE-2021-36366 | 1 Nagios | 1 Nagios Xi | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | |||||
| CVE-2021-36365 | 1 Nagios | 1 Nagios Xi | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | |||||
| CVE-2021-36363 | 1 Nagios | 1 Nagios Xi | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | |||||
| CVE-2021-37350 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation. | |||||
| CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root, where some included files were editable by the nagios user. This issue was fixed in version 5.7.3. | |||||
| CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2021-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | |||||
| CVE-2021-3193 | 1 Nagios | 1 Nagios Xi | 2021-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | |||||
| CVE-2020-15901 | 1 Nagios | 1 Nagios Xi | 2020-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | |||||
| CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2018-8733 | 1 Nagios | 1 Nagios Xi | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | |||||
| CVE-2019-12279 | 1 Nagios | 1 Nagios Xi | 2019-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck. | |||||
| CVE-2018-17148 | 1 Nagios | 1 Nagios Xi | 2019-06-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | |||||
| CVE-2019-9165 | 1 Nagios | 1 Nagios Xi | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and a malicious user id. | |||||
| CVE-2018-8734 | 1 Nagios | 1 Nagios Xi | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | |||||
