Filtered by vendor Nagios
Subscriptions
Total
174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-12501 | 1 Nagios | 1 Fusion | 2024-09-17 | N/A |
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | ||||
CVE-2018-15709 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | ||||
CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
CVE-2018-15711 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. | ||||
CVE-2018-15710 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | ||||
CVE-2013-6875 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | ||||
CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | ||||
CVE-2002-1959 | 1 Nagios | 1 Nagios | 2024-09-16 | N/A |
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. | ||||
CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | ||||
CVE-2019-3698 | 3 Nagios, Opensuse, Suse | 4 Nagios, Backports Sle, Leap and 1 more | 2024-09-16 | 5.7 Medium |
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. | ||||
CVE-2024-43199 | 1 Nagios | 1 Ndoutils | 2024-09-13 | 8.8 High |
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. | ||||
CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2024-08-28 | 9.8 Critical |
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | ||||
CVE-2006-2489 | 1 Nagios | 1 Nagios | 2024-08-07 | N/A |
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. | ||||
CVE-2006-2162 | 1 Nagios | 1 Nagios | 2024-08-07 | N/A |
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. | ||||
CVE-2007-5803 | 1 Nagios | 1 Nagios | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. | ||||
CVE-2007-5623 | 1 Nagios | 1 Plugins | 2024-08-07 | N/A |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. | ||||
CVE-2007-5624 | 1 Nagios | 1 Nagios | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. | ||||
CVE-2007-5198 | 1 Nagios | 1 Plugins | 2024-08-07 | N/A |
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | ||||
CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2024-08-07 | N/A |
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. |