Vulnerabilities > Nagios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-30 | CVE-2018-10554 | Cross-site Scripting vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 5.4 |
| 2018-04-30 | CVE-2018-10553 | Path Traversal vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 6.5 |
| 2018-04-18 | CVE-2018-8736 | Unspecified vulnerability in Nagios XI A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. | 8.8 |
| 2018-04-18 | CVE-2018-8735 | OS Command Injection vulnerability in Nagios XI Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | 8.8 |
| 2018-04-18 | CVE-2018-8734 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | 9.8 |
| 2018-04-18 | CVE-2018-8733 | SQL Injection vulnerability in Nagios XI Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | 9.8 |
| 2018-02-06 | CVE-2015-3618 | Cross-site Scripting vulnerability in Nagios Business Process Intelligence Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. | 6.1 |
| 2017-09-11 | CVE-2017-14312 | Improper Privilege Management vulnerability in Nagios Core Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | 7.8 |
| 2017-08-23 | CVE-2017-12847 | Improper Initialization vulnerability in Nagios Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 6.3 |
| 2017-06-06 | CVE-2016-0726 | Use of Hard-coded Credentials vulnerability in Nagios The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | 9.8 |