Vulnerabilities > Nagios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-37347 | Path Traversal vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | 4.6 |
| 2021-08-13 | CVE-2021-37348 | Files or Directories Accessible to External Parties vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | 5.0 |
| 2021-08-13 | CVE-2021-37349 | Unspecified vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | 4.6 |
| 2021-08-13 | CVE-2021-37350 | SQL Injection vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | 7.5 |
| 2021-08-13 | CVE-2021-37351 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | 5.0 |
| 2021-08-13 | CVE-2021-37352 | Open Redirect vulnerability in Nagios XI An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. | 5.8 |
| 2021-08-13 | CVE-2021-37353 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | 7.5 |
| 2021-07-30 | CVE-2021-35478 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. | 3.5 |
| 2021-07-30 | CVE-2021-35479 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. | 3.5 |
| 2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 6.5 |