Vulnerabilities > Nagios > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-37348 | Files or Directories Accessible to External Parties vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | 7.5 |
| 2021-08-13 | CVE-2021-37349 | Unspecified vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | 7.8 |
| 2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 7.2 |
| 2021-05-24 | CVE-2020-28905 | Code Injection vulnerability in Nagios Fusion Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | 8.8 |
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-05-24 | CVE-2020-28909 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios Fusion Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. | 8.8 |
| 2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 7.2 |
| 2021-02-15 | CVE-2020-24899 | OS Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 8.8 |
| 2021-02-15 | CVE-2020-22427 | Unspecified vulnerability in Nagios XI 5.6.11 NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. | 7.2 |
| 2021-02-15 | CVE-2021-25298 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |