DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-09 | CVE-2020-13977 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products. Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 4.9 |
2020-03-16 | CVE-2020-6586 | Cross-site Scripting vulnerability in Nagios 2.1.3. Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. | 5.4 |
2020-03-16 | CVE-2020-6584 | Improper Privilege Management vulnerability in Nagios 2.1.3. Nagios Log Server 2.1.3 has Incorrect Access Control. | 6.5 |
2018-07-12 | CVE-2018-13441 | NULL Pointer Dereference vulnerability in Nagios. qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows an attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 5.5 |
2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios. Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
2017-03-31 | CVE-2016-6209 | Cross-site Scripting vulnerability in Nagios. Cross-site scripting (XSS) vulnerability in Nagios. | 6.1 |