Vulnerabilities > Nagios
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-16 | CVE-2020-6582 | Incorrect Conversion between Numeric Types vulnerability in multiple products. Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | 7.5 |
2020-03-16 | CVE-2020-6581 | Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). | 7.3 |
2020-03-16 | CVE-2020-6586 | Cross-site Scripting vulnerability in Nagios 2.1.3. Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. | 5.4 |
2020-03-16 | CVE-2020-6585 | Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3. Nagios Log Server 2.1.3 has CSRF. | 8.8 |
2020-03-16 | CVE-2020-6584 | Improper Privilege Management vulnerability in Nagios 2.1.3. Nagios Log Server 2.1.3 has Incorrect Access Control. | 6.5 |
2020-02-28 | CVE-2019-3698 | Link Following vulnerability in multiple products. UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. | 7.0 |
2019-12-31 | CVE-2019-20197 | OS Command Injection vulnerability in Nagios XI 5.6.9. In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 8.8 |
2019-12-30 | CVE-2019-20139 | Cross-site Scripting vulnerability in Nagios XI 5.6.9. In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. | 5.4 |
2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI. Nagios XI before 5.6.6 allows remote command execution as root. | 8.8 |
2019-09-03 | CVE-2019-15898 | Cross-site Scripting vulnerability in Nagios LOG Server. Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | 6.1 |