Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-13458
qh_core in Nagios Core 4.4.1 and previous versions is prone to a NULL pointer dereference vulnerability, which allows malicious users to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Nagios Nagios Core
1 EDB exploit
4
CVSSv2
CVE-2022-29269
In Nagios XI up to and including 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Nagios Nagios Xi
4
CVSSv2
CVE-2020-6584
Nagios Log Server 2.1.3 has Incorrect Access Control.
Nagios Nagios 2.1.3
6.8
CVSSv2
CVE-2020-6585
Nagios Log Server 2.1.3 has CSRF.
Nagios Nagios 2.1.3
3.5
CVSSv2
CVE-2020-6586
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Nagios Nagios 2.1.3
7.5
CVSSv2
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2021-36366
Nagios XI prior to 5.8.5 incorrectly allows manage_services.sh wildcards.
Nagios Nagios Xi
4
CVSSv2
CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, th...
Nagios Nagios Xi
6.5
CVSSv2
CVE-2021-37343
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
Nagios Nagios Xi
1 Metasploit module
4.3
CVSSv2
CVE-2018-20172
An issue exists in Nagios XI prior to 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
Nagios Nagios Xi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »