Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-6582 Incorrect Conversion between Numeric Types vulnerability in multiple products
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
network
low complexity
nagios fedoraproject CWE-681
7.5
2020-03-16 CVE-2020-6581 Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence).
local
low complexity
nagios fedoraproject
7.3
2020-03-16 CVE-2020-6586 Cross-site Scripting vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page.
network
low complexity
nagios CWE-79
5.4
2020-03-16 CVE-2020-6585 Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has CSRF.
network
low complexity
nagios CWE-352
8.8
2020-03-16 CVE-2020-6584 Improper Privilege Management vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has Incorrect Access Control.
network
low complexity
nagios CWE-269
6.5
2020-02-28 CVE-2019-3698 UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race.
local
high complexity
nagios opensuse
7.0
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
8.8
2019-12-30 CVE-2019-20139 Cross-site Scripting vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter.
network
low complexity
nagios CWE-79
5.4
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
8.8
2019-09-03 CVE-2019-15898 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
network
low complexity
nagios CWE-79
6.1