Vulnerabilities > Nagios
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-30 | CVE-2019-20139 | Cross-site Scripting vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. | 3.5 |
2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 9.0 |
2019-09-03 | CVE-2019-15898 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | 4.3 |
2019-07-10 | CVE-2018-17147 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.5.4 has XSS in the auto login admin management page. | 3.5 |
2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 5.0 |
2019-06-19 | CVE-2018-17146 | Cross-site Scripting vulnerability in Nagios XI A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. | 3.5 |
2019-05-22 | CVE-2019-12279 | SQL Injection vulnerability in Nagios XI 5.6.1 Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). | 9.8 |
2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
2019-03-28 | CVE-2019-9166 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 7.8 |
2019-03-28 | CVE-2019-9204 | SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1 SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | 9.8 |