Filtered by vendor Nagios
Subscriptions
Filtered by product Nagios Xi
Subscriptions
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2024-08-04 | 9.8 Critical |
| Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | ||||
| CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 8.8 High |
| Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | ||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | ||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | ||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | ||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | ||||
| CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 8.8 High |
| Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | ||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.2 High |
| NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time | ||||
| CVE-2020-15902 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 6.1 Medium |
| Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | ||||
| CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 9.8 Critical |
| An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3. | ||||
| CVE-2020-15901 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 8.8 High |
| In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | ||||
| CVE-2020-10820 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | ||||
| CVE-2020-10821 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | ||||
| CVE-2020-10819 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 4.8 Medium |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | ||||
| CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.2 High |
| Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | ||||
| CVE-2020-5792 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.2 High |
| Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | ||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.8 High |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | ||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 6.5 Medium |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2021-40343 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.8 High |
| An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | ||||
| CVE-2021-40345 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.2 High |
| An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | ||||