Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37349 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | |||||
| CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | |||||
| CVE-2021-37345 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | |||||
| CVE-2020-28910 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | |||||
| CVE-2021-37351 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | |||||
| CVE-2021-37347 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | |||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | |||||
| CVE-2021-26024 | 1 Nagios | 2 Favorites, Nagios Xi | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | |||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | |||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | |||||
| CVE-2021-3193 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | |||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | |||||
| CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | |||||
| CVE-2021-26023 | 1 Nagios | 2 Favorites, Nagios Xi | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | |||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | |||||
| CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | |||||
| CVE-2020-5792 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | |||||
| CVE-2020-35578 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. | |||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | |||||