Vulnerabilities (CVE)

Vendor filter

Nagios Subscribe

Filter

69 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-8641 1 Nagios 1 Nagios 2019-10-09 7.2
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the...
CVE-2018-8736 1 Nagios 1 Nagios Xi 2019-10-03 9.0
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
CVE-2018-15711 1 Nagios 1 Nagios Xi 2019-10-03 6.5
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
CVE-2017-12847 1 Nagios 1 Nagios 2019-10-03 6.3
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a...
CVE-2018-15709 1 Nagios 1 Nagios Xi 2019-10-03 6.5
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-15710 1 Nagios 1 Nagios Xi 2019-10-03 7.2
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2017-14312 1 Nagios 1 Nagios Core 2019-10-03 7.2
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users...
CVE-2018-15708 1 Nagios 1 Nagios Xi 2019-10-03 7.5
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-8733 1 Nagios 1 Nagios Xi 2019-10-03 7.5
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
CVE-2019-15949 1 Nagios 1 Nagios Xi 2019-09-06 9.0
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile...
CVE-2019-15898 1 Nagios 1 Log Server 2019-09-04 4.3
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
CVE-2019-12279 1 Nagios 1 Nagios Xi 2019-08-09 7.5
** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a...
CVE-2018-17147 1 Nagios 1 Nagios Xi 2019-07-11 3.5
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
CVE-2018-17146 1 Nagios 1 Nagios Xi 2019-06-23 3.5
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login...
CVE-2018-17148 1 Nagios 1 Nagios Xi 2019-06-21 5.0
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing...
CVE-2019-9204 1 Nagios 1 Incident Manager 2019-04-15 7.5
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
CVE-2019-9203 1 Nagios 1 Incident Manager 2019-04-15 7.5
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
CVE-2019-9202 1 Nagios 1 Incident Manager 2019-04-15 6.5
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
CVE-2019-9167 1 Nagios 1 Nagios Xi 2019-04-15 4.3
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
CVE-2019-9166 1 Nagios 1 Nagios Xi 2019-04-15 7.2
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.