Vulnerabilities > Nagios > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-6581 Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence).
local
low complexity
nagios fedoraproject
7.3
7.3
2020-03-16 CVE-2020-6585 Cross-Site Request Forgery (CSRF) vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has CSRF.
network
low complexity
nagios CWE-352
8.8
8.8
2020-02-28 CVE-2019-3698 Link Following vulnerability in multiple products
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race.
local
high complexity
nagios opensuse CWE-59
7.0
7.0
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
8.8
8.8
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
8.8
8.8
2019-03-28 CVE-2019-9166 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
local
low complexity
nagios CWE-732
7.8
7.8
2019-03-28 CVE-2019-9202 Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
network
low complexity
nagios
8.8
8.8
2019-03-28 CVE-2019-9164 Cross-site Scripting vulnerability in Nagios XI
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
network
low complexity
nagios CWE-79
8.8
8.8
2018-11-14 CVE-2018-15711 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users.
network
low complexity
nagios CWE-78
8.8
8.8
2018-11-14 CVE-2018-15710 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
local
low complexity
nagios CWE-78
7.8
7.8