Vulnerabilities > Nagios
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-08-13 | CVE-2021-37351 | Incorrect Default Permissions vulnerability in Nagios XI | Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | 5.3 |
2021-08-13 | CVE-2021-37352 | Open Redirect vulnerability in Nagios XI | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. | 6.1 |
2021-08-13 | CVE-2021-37353 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard | Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. | 9.8 |
2021-07-30 | CVE-2021-35478 | Cross-site Scripting vulnerability in Nagios Log Server | Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. | 5.4 |
2021-07-30 | CVE-2021-35479 | Cross-site Scripting vulnerability in Nagios Log Server | Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. | 5.4 |
2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 7.2 |
2021-05-24 | CVE-2020-28900 | Insufficient Verification of Data Authenticity vulnerability in Nagios Fusion and Nagios XI | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | 9.8 |
2021-05-24 | CVE-2020-28901 | Command Injection vulnerability in Nagios Fusion | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php. | 9.8 |
2021-05-24 | CVE-2020-28902 | Command Injection vulnerability in Nagios Fusion | Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. | 9.8 |
2021-05-24 | CVE-2020-28903 | Cross-site Scripting vulnerability in Nagios Fusion | Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. | 6.1 |