Vulnerabilities > Nagios > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-15714 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 6.1 |
| 2018-11-14 | CVE-2018-15713 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | 5.4 |
| 2018-11-14 | CVE-2018-15712 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 6.1 |
| 2018-07-12 | CVE-2018-13458 | NULL Pointer Dereference vulnerability in Nagios Core qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 5.5 |
| 2018-07-12 | CVE-2018-13457 | NULL Pointer Dereference vulnerability in Nagios Core qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 5.5 |
| 2018-07-12 | CVE-2018-13441 | NULL Pointer Dereference vulnerability in Nagios qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. | 5.5 |
| 2018-06-16 | CVE-2018-12501 | Cross-site Scripting vulnerability in Nagios Fusion Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | 6.1 |
| 2018-04-30 | CVE-2018-10554 | Cross-site Scripting vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 5.4 |
| 2018-04-30 | CVE-2018-10553 | Path Traversal vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 6.5 |
| 2018-02-06 | CVE-2015-3618 | Cross-site Scripting vulnerability in Nagios Business Process Intelligence Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. | 6.1 |