Vulnerabilities > Nagios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28911 | Insecure Storage of Sensitive Information vulnerability in Nagios Fusion Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | 4.0 |
| 2021-04-08 | CVE-2021-28925 | SQL Injection vulnerability in Nagios Network Analyzer SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. | 7.5 |
| 2021-04-08 | CVE-2021-28924 | Cross-site Scripting vulnerability in Nagios Network Analyzer Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. | 4.3 |
| 2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 9.0 |
| 2021-02-15 | CVE-2020-24899 | Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 6.5 |
| 2021-02-15 | CVE-2020-22427 | Unspecified vulnerability in Nagios XI 5.6.11 NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. | 7.2 |
| 2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 4.3 |
| 2021-02-15 | CVE-2021-25298 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25297 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25296 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |