Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-15708 Unspecified vulnerability in Nagios XI 5.5.6
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
nagios
critical
9.8
2018-08-01 CVE-2016-8641 Unspecified vulnerability in Nagios
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards.
local
low complexity
nagios
7.8
2018-07-12 CVE-2018-13458 NULL Pointer Dereference vulnerability in Nagios Core
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
local
low complexity
nagios CWE-476
5.5
2018-07-12 CVE-2018-13457 NULL Pointer Dereference vulnerability in Nagios Core
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
local
low complexity
nagios CWE-476
5.5
2018-07-12 CVE-2018-13441 NULL Pointer Dereference vulnerability in Nagios
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
local
low complexity
nagios CWE-476
5.5
2018-06-16 CVE-2018-12501 Cross-site Scripting vulnerability in Nagios Fusion
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
network
low complexity
nagios CWE-79
6.1
2018-05-16 CVE-2018-10738 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10737 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10736 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10735 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
network
low complexity
nagios CWE-89
7.2