Vulnerabilities > Nagios > Nagios XI > 5.5.11

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2020-28906 Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root.
network
low complexity
nagios CWE-276
8.8
2021-05-24 CVE-2020-28910 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
network
low complexity
nagios CWE-732
critical
9.8
2021-02-25 CVE-2021-3273 Code Injection vulnerability in Nagios XI
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component.
network
low complexity
nagios CWE-94
7.2
2021-02-15 CVE-2021-25298 Unspecified vulnerability in Nagios XI
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
2021-02-15 CVE-2021-25297 Unspecified vulnerability in Nagios XI
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
2021-02-15 CVE-2021-25296 Unspecified vulnerability in Nagios XI
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
2021-01-26 CVE-2021-3193 Unspecified vulnerability in Nagios XI
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
network
low complexity
nagios
critical
9.8
2021-01-13 CVE-2020-35578 OS Command Injection vulnerability in Nagios XI
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0.
network
low complexity
nagios CWE-78
7.2
2020-11-16 CVE-2020-27991 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
network
low complexity
nagios CWE-79
5.4
2020-11-16 CVE-2020-27990 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
network
low complexity
nagios CWE-79
5.4