Vulnerabilities > Nagios

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2022-06-29 | CVE-2022-29269 | Injection vulnerability in Nagios XI | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | network, low complexity, nagios CWE-74, 4.0 |
| 2022-06-29 | CVE-2022-29270 | Incorrect Authorization vulnerability in Nagios XI | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | network, low complexity, nagios CWE-863, 4.0 |
| 2022-06-29 | CVE-2022-29271 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | network, low complexity, nagios CWE-732, 4.0 |
| 2022-06-29 | CVE-2022-29272 | Open Redirect vulnerability in Nagios XI | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | network, nagios CWE-601, 5.8 |
| 2021-10-26 | CVE-2021-40343 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI 5.8.5 | An issue was discovered in Nagios XI 5.8.5. | local, low complexity, nagios CWE-732, 7.2 |
| 2021-10-26 | CVE-2021-40344 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI 5.8.5 | An issue was discovered in Nagios XI 5.8.5. | network, low complexity, nagios CWE-434, 6.5 |
| 2021-10-26 | CVE-2021-40345 | Command Injection vulnerability in Nagios XI 5.8.5 | An issue was discovered in Nagios XI 5.8.5. | network, low complexity, nagios CWE-77, critical, 9.0 |
| 2021-10-14 | CVE-2021-33177 | SQL Injection vulnerability in Nagios XI | The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. | network, low complexity, nagios CWE-89, 6.5 |
| 2021-10-14 | CVE-2021-33179 | Cross-site Scripting vulnerability in Nagios XI | The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. | network, nagios CWE-79, 4.3 |
| 2021-10-05 | CVE-2021-37223 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI | Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. | network, low complexity, nagios CWE-918, 4.0 |