Vulnerabilities > Nagios

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-26	CVE-2021-3193	Unspecified vulnerability in Nagios XI Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. network low complexity nagios critical	9.8
2021-01-20	CVE-2020-25385	Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. network low complexity nagios CWE-79	6.1
2021-01-13	CVE-2020-35578	OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. network low complexity nagios CWE-78	7.2
2020-12-23	CVE-2020-35269	Cross-Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4 Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. network low complexity nagios CWE-352	8.8
2020-11-16	CVE-2020-27991	Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). network low complexity nagios CWE-79	5.4
2020-11-16	CVE-2020-27990	Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). network low complexity nagios CWE-79	5.4
2020-11-16	CVE-2020-27989	Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). network low complexity nagios CWE-79	5.4
2020-11-16	CVE-2020-27988	Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). network low complexity nagios CWE-79	5.4
2020-11-16	CVE-2020-28648	Improper Input Validation vulnerability in Nagios XI Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. network low complexity nagios CWE-20	8.8
2020-11-13	CVE-2020-5796	Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4 Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. local low complexity nagios CWE-281	7.8

Vulnerabilities > Nagios {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nagios"}]}

Vulnerabilities > Nagios