Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2020-03-22 CVE-2020-10821 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
network
nagios CWE-79
3.5
2020-03-22 CVE-2020-10820 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
network
nagios CWE-79
3.5
2020-03-22 CVE-2020-10819 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
network
nagios CWE-79
3.5
2020-03-16 CVE-2020-6582 Incorrect Conversion between Numeric Types vulnerability in multiple products
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
network
low complexity
nagios fedoraproject CWE-681
7.5
2020-03-16 CVE-2020-6581 Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence).
local
low complexity
nagios fedoraproject
7.3
2020-03-16 CVE-2020-6586 Cross-site Scripting vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page.
network
low complexity
nagios CWE-79
5.4
2020-03-16 CVE-2020-6585 Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has CSRF.
network
low complexity
nagios CWE-352
8.8
2020-03-16 CVE-2020-6584 Improper Privilege Management vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has Incorrect Access Control.
network
low complexity
nagios CWE-269
6.5
2020-02-28 CVE-2019-3698 Link Following vulnerability in multiple products
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race.
6.9
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
critical
9.0