Known Vulnerabilities for products from Nagios

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nagios".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-38156 In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashb... 5.4 - MEDIUM 2021-09-15 2021-09-17
CVE-2021-37353 Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php. 9.8 - CRITICAL 2021-08-13 2021-08-13
CVE-2021-37352 An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerabi... 6.1 - MEDIUM 2021-08-13 2021-08-23
CVE-2021-37351 Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages... 5.3 - MEDIUM 2021-08-13 2021-08-23
CVE-2021-37350 Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input ... 9.8 - CRITICAL 2021-08-13 2021-08-23
CVE-2021-37349 Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read f... 7.8 - HIGH 2021-08-13 2021-08-13
CVE-2021-37348 Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. 7.5 - HIGH 2021-08-13 2021-08-23
CVE-2021-37347 Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the direct... 7.8 - HIGH 2021-08-13 2021-08-23
CVE-2021-37346 Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of sp... 9.8 - CRITICAL 2021-08-13 2021-08-24
CVE-2021-37345 Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var ... 7.8 - HIGH 2021-08-13 2021-08-23
CVE-2021-37344 Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of specia... 9.8 - CRITICAL 2021-08-13 2021-08-24
CVE-2021-37343 A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authent... 8.8 - HIGH 2021-08-13 2021-08-23
CVE-2021-37223 Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any a... 6.5 - MEDIUM 2021-10-05 2021-10-12
CVE-2021-36366 Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. 9.8 - CRITICAL 2021-09-28 2021-10-04
CVE-2021-36365 Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. 9.8 - CRITICAL 2021-09-28 2021-10-01
CVE-2021-36364 Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. 9.8 - CRITICAL 2021-09-28 2021-10-04
CVE-2021-36363 Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. 9.8 - CRITICAL 2021-09-28 2021-10-01
CVE-2021-28925 SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/. 9.8 - CRITICAL 2021-04-08 2021-04-13
CVE-2021-28924 Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. 6.1 - MEDIUM 2021-04-08 2021-04-12
CVE-2021-26024 The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to... 5.3 - MEDIUM 2021-02-03 2021-02-05

Known software with vulnerabilities from Nagios

Type Vendor Product Version
ApplicationNagiosBusiness Process Intelligence2.3.4
ApplicationNagiosFavorites-
ApplicationNagiosFusion4.0.0
ApplicationNagiosIncident Manager2.0.0
ApplicationNagiosLog Server-
ApplicationNagiosNagios2.0.1
ApplicationNagiosNagios Core1.0.0
ApplicationNagiosNagios Xi5
ApplicationNagiosPlugins1.3.0
ApplicationNagiosRemote Plug In Executor1.3
ApplicationNagiosRemote Plugin Executor2.15

Popular searches for "Nagios"

Nagios

Nagios Core, formerly known as Nagios, is a free and open-source computer-software application that monitors systems, networks and infrastructure. Nagios offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. Ethan Galstad and a group of developers originally wrote Nagios as NetSaint.

Nagios - The Industry Standard In IT Infrastructure Monitoring

www.nagios.org

B >Nagios - The Industry Standard In IT Infrastructure Monitoring Nagios y w provides enterprise-class Open Source IT monitoring, network monitoring, server and applications monitoring. Download Nagios Today!

network.nagios.org www.abc-directory.com/go/go.php?u=http%3A%2F%2Fwww.nagios.org%2F community.nagios.org freshmeat.sourceforge.net/urls/9edad1924fee3a87e26b37de090f1383 nagiosbp.projects.nagiosforge.org Nagios Network monitoring Server (computing) Application software IT infrastructure The Industry Standard Server log Computer network Download System monitor Plug-in (computing) Open source Linux Information technology Enterprise software Microsoft Windows Operating system Universal Disk Format High availability Process (computing)

© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report