Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-35269 Cross-Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
network
nagios CWE-352
6.8
2020-11-16 CVE-2020-27991 Cross-Site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
network
nagios CWE-79
3.5
2020-11-16 CVE-2020-27990 Cross-Site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
network
nagios CWE-79
3.5
2020-11-16 CVE-2020-27989 Cross-Site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
network
nagios CWE-79
3.5
2020-11-16 CVE-2020-27988 Cross-Site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
network
nagios CWE-79
3.5
2020-11-16 CVE-2020-28648 Improper Input Validation vulnerability in Nagios XI
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
network
low complexity
nagios CWE-20
6.5
2020-11-13 CVE-2020-5796 Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
local
low complexity
nagios CWE-281
7.2
2020-10-20 CVE-2020-5792 Command Injection vulnerability in Nagios XI 5.7.3
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
network
low complexity
nagios CWE-77
6.5
2020-10-20 CVE-2020-5791 OS Command Injection vulnerability in Nagios XI 5.7.3
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
network
low complexity
nagios CWE-78
critical
9.0
2020-10-20 CVE-2020-5790 Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
network
nagios CWE-352
4.3