Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-15709
Nagios XI 5.5.6 allows remote authenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
8.8
CVSSv3
CVE-2018-15711
Nagios XI 5.5.6 allows remote authenticated malicious users to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
Nagios Nagios Xi 5.5.6
8.8
CVSSv3
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary commands on the target system, aka OS command injection.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to leverage an RCE vulnerability escalating to root.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
8.1
CVSSv3
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor prior to 5.3.1 and 5.4.x prior to 5.4.2 invokes a file that can be edited by the nagios user, and would allow malicious users to elevate their privileges to root after a system restart, henc...
Opsview Opsview
7.8
CVSSv3
CVE-2021-40343
An issue exists in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
Nagios Nagios Xi 5.8.5
7.8
CVSSv3
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
Nagios Nagios Xi
7.8
CVSSv3
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
Nagios Nagios Xi
7.8
CVSSv3
CVE-2021-37349
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
Nagios Nagios Xi
7.8
CVSSv3
CVE-2020-5796
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
Nagios Nagios Xi 5.7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »