Vulnerabilities > Nagios > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-13 CVE-2021-37350 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
network
low complexity
nagios CWE-89
7.5
7.5
2021-08-13 CVE-2021-37353 Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Docker Wizard
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
network
low complexity
nagios CWE-918
7.5
7.5
2021-05-24 CVE-2020-28904 Improper Privilege Management vulnerability in Nagios Fusion
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
network
low complexity
nagios CWE-269
7.5
7.5
2021-05-24 CVE-2020-28908 Command Injection vulnerability in Nagios Fusion
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
network
low complexity
nagios CWE-77
7.5
7.5
2021-04-08 CVE-2021-28925 SQL Injection vulnerability in Nagios Network Analyzer
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
network
low complexity
nagios CWE-89
7.5
7.5
2021-02-15 CVE-2020-22427 Unspecified vulnerability in Nagios XI 5.6.11
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability.
network
low complexity
nagios
7.2
7.2
2021-02-15 CVE-2021-25298 Unspecified vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
8.8
2021-02-15 CVE-2021-25297 Unspecified vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
8.8
2021-02-15 CVE-2021-25296 Unspecified vulnerability in Nagios XI 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection.
network
low complexity
nagios
8.8
8.8
2021-01-26 CVE-2021-3193 Unspecified vulnerability in Nagios XI
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
network
low complexity
nagios
7.5
7.5