Filtered by vendor Nagios
Subscriptions
Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48082 | 1 Nagios | 1 Xi | 2024-10-25 | 9.1 Critical |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
| CVE-2023-37154 | 1 Nagios | 1 Plugins | 2024-10-10 | 8.4 High |
| check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. | ||||
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-10-03 | 6.1 Medium |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | ||||
| CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2024-09-25 | 6.5 Medium |
| A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | ||||
| CVE-2023-40934 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 7.2 High |
| A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | ||||
| CVE-2023-40932 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials. | ||||
| CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 8.8 High |
| A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | ||||
| CVE-2018-12501 | 1 Nagios | 1 Fusion | 2024-09-17 | N/A |
| Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | ||||
| CVE-2018-15709 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | ||||
| CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2018-15711 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. | ||||
| CVE-2018-15710 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | ||||
| CVE-2013-6875 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | ||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | ||||
| CVE-2002-1959 | 1 Nagios | 1 Nagios | 2024-09-16 | N/A |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. | ||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | ||||
| CVE-2019-3698 | 3 Nagios, Opensuse, Suse | 4 Nagios, Backports Sle, Leap and 1 more | 2024-09-16 | 5.7 Medium |
| UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. | ||||
| CVE-2024-43199 | 1 Nagios | 1 Ndoutils | 2024-09-13 | 8.8 High |
| Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. | ||||
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2024-08-28 | 9.8 Critical |
| Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | ||||