threatengine.sh
Product
nagios xi
287 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2043
all versions
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows
8.8
HIGH
CVE-2026-2042
all versions
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to
8.8
HIGH
CVE-2026-2041
all versions
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote
8.8
HIGH
CVE-2025-67255
all versions
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a
8.8
HIGH
CVE-2025-67254
all versions
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
7.5
HIGH
CVE-2025-34288
<= 2024
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permi
6.7
MEDIUM
CVE-2025-34323
< 2026
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfi
7.8
HIGH
CVE-2025-34322
< 2026
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natur
7.2
HIGH
CVE-2024-13998
< 2024
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API k
6.5
MEDIUM
CVE-2024-13997
< 2024
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator cou
7.2
HIGH
CVE-2021-47698
< 5.8.7
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s V
5.4
MEDIUM
CVE-2024-13992
< 2024
Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" (404) p
5.4
MEDIUM
CVE-2025-34298
< 2024
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow.
8.8
HIGH
CVE-2025-34287
< 2024
Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the
7.8
HIGH
CVE-2025-34286
< 2026
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check comma
7.2
HIGH
CVE-2025-34284
< 2024
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of use
8.8
HIGH
CVE-2025-34283
< 2024
Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune them
6.5
MEDIUM
CVE-2025-34280
< 2024
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality wh
7.2
HIGH
CVE-2025-34278
< 2024
Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups p
5.4
MEDIUM
CVE-2025-34277
< 2024
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are no
9.8
CRITICAL
CVE-2025-34274
< 2024
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embed
9.8
CRITICAL
CVE-2025-34273
< 2024
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator user
6.5
MEDIUM
CVE-2025-34272
< 2024
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not
6.5
MEDIUM
CVE-2025-34271
< 2024
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive
9.8
CRITICAL
CVE-2025-34270
< 2024
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obf
4.9
MEDIUM
CVE-2025-34135
< 2024
Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In parti
4.4
MEDIUM
CVE-2025-34134
< 2024
Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) co
7.2
HIGH
CVE-2024-58273
< 2024
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who cou
7.8
HIGH
CVE-2024-14009
< 2024
Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System
7.2
HIGH
CVE-2024-14008
< 2024
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insuff
7.2
HIGH
CVE-2024-14006
< 2024
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HT
6.1
MEDIUM
CVE-2024-14005
< 2024
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of us
8.8
HIGH
CVE-2024-14004
< 2024
Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvi
8.8
HIGH
CVE-2024-14003
< 2024
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor
9.8
CRITICAL
CVE-2024-14002
< 2024
Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenti
5.5
MEDIUM
CVE-2024-14001
< 2024
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. I
5.4
MEDIUM
CVE-2024-14000
< 2024
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. I
5.4
MEDIUM
CVE-2024-13999
< 2024
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authenti
9.8
CRITICAL
CVE-2024-13996
< 2024
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was cha
9.8
CRITICAL
CVE-2024-13995
< 2024
Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (
8.8
HIGH
CVE-2024-13994
< 2024
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enable
9.8
CRITICAL
CVE-2024-13993
< 2024
Nagios XI versions prior to 2024R1.1.2 are vulnerable to reflected cross-site scripting (XSS) via the login page when accessed
6.1
MEDIUM
CVE-2023-7323
< 2024
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficien
5.4
MEDIUM
CVE-2023-7322
< 2024
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API per
8.1
HIGH
CVE-2023-7321
< 2.1.14
Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log cont
5.4
MEDIUM
CVE-2023-7319
< 2024
Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu.
5.4
MEDIUM
CVE-2023-7318
< 2024
Nagios XI versions prior to 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page.
5.4
MEDIUM
CVE-2023-7317
< 2024
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privil
8.8
HIGH
CVE-2023-7316
< 2024
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient v
5.4
MEDIUM
CVE-2023-7315
< 5.11.3
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient v
5.4
MEDIUM
CVE-2023-7314
< 5.11.3
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient
5.4
MEDIUM
CVE-2023-7313
< 5.11.3
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient val
5.4
MEDIUM
CVE-2023-7312
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email
4.8
MEDIUM
CVE-2023-53690
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-ser
4.8
MEDIUM
CVE-2023-53689
< 4.2.0
Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configurati
4.8
MEDIUM
CVE-2023-53688
< 5.11.3
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hyp
5.4
MEDIUM
CVE-2022-50588
< 5.8.9
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient vali
5.4
MEDIUM
CVE-2022-50587
< 5.8.9
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insuffici
5.4
MEDIUM
CVE-2022-50586
< 5.8.9
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insu
5.4
MEDIUM
CVE-2022-50585
< 5.8.9
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vul
5.4
MEDIUM
CVE-2022-50584
< 5.8.8
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vul
5.4
MEDIUM
CVE-2021-47700
< 5.8.7
Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions
7.8
HIGH
CVE-2021-47699
< 5.8.7
Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Ins
5.4
MEDIUM
CVE-2021-47697
< 5.8.0
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient
5.4
MEDIUM
CVE-2021-47696
< 5.8.0
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validati
5.4
MEDIUM
CVE-2021-47695
< 5.8.0
Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient valida
5.4
MEDIUM
CVE-2021-47694
< 5.8.6
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting
6.1
MEDIUM
CVE-2021-47693
< 5.8.5
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in
8.8
HIGH
CVE-2021-47691
< 5.8.2
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (X
5.4
MEDIUM
CVE-2021-47690
< 5.8.2
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (X
5.4
MEDIUM
CVE-2021-47689
< 5.8.0
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contains a cross-site scripting (XSS) vul
5.4
MEDIUM
CVE-2020-36869
< 5.7.5
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requi
7.2
HIGH
CVE-2020-36868
< 5.7.3
Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script pe
7.8
HIGH
CVE-2020-36867
< 5.7.3
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. Use
8.8
HIGH
CVE-2020-36866
< 5.7.2
Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface.
5.4
MEDIUM
CVE-2020-36865
< 5.7.2
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) compo
5.4
MEDIUM
CVE-2020-36864
< 5.7.2
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards.
5.4
MEDIUM
CVE-2020-36863
< 5.7.2
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location.
8.8
HIGH
CVE-2020-36862
< 5.6.11
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted expor
6.1
MEDIUM
CVE-2020-36861
< 5.7.5
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (X
5.4
MEDIUM
CVE-2020-36860
< 5.7.4
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (X
5.4
MEDIUM
CVE-2020-36859
< 5.7.4
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabi
8.8
HIGH
CVE-2020-36858
< 2.1.6
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create
5.4
MEDIUM
CVE-2020-36857
< 5.6.14
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Ex
7.2
HIGH
CVE-2020-36856
< 5.6.14
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php scr
8.8
HIGH
CVE-2018-25123
< 5.5.7
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related proc
7.8
HIGH
CVE-2018-25122
< 5.4.13
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/im
8.8
HIGH
CVE-2018-25121
< 5.4.13
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insuffi
5.4
MEDIUM
CVE-2018-25119
< 4.1.5
Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficien
6.1
MEDIUM
CVE-2017-20209
all versions
Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficien
6.1
MEDIUM
CVE-2016-15053
< 5.2.4
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interf
5.4
MEDIUM
CVE-2016-15052
< 5.2.4
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insuffic
5.4
MEDIUM
CVE-2016-15051
< 5.2.4
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the
5.4
MEDIUM
CVE-2016-15050
< 5.2.4
Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied
8.8
HIGH
CVE-2016-15049
< 1.4.2
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering lo
5.4
MEDIUM
CVE-2013-10074
< 2012
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insuf
5.4
MEDIUM
CVE-2013-10073
< 2012
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled
8.8
HIGH
CVE-2013-10072
<= 2011
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only role
6.5
MEDIUM
CVE-2013-10071
<= 2011
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX
6.1
MEDIUM
CVE-2012-10063
<= 2011
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interf
9.8
CRITICAL
CVE-2011-10040
<= 2009
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by statu
5.4
MEDIUM
CVE-2011-10039
<= 2009
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Re
5.4
MEDIUM
CVE-2011-10038
<= 2009
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web
5.4
MEDIUM
CVE-2011-10037
<= 2009
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used t
5.4
MEDIUM
CVE-2011-10036
<= 2009
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScr
5.4
MEDIUM
CVE-2011-10035
<= 2009
Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system c
7.0
HIGH
CVE-2025-60425
all versions
Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechani
8.6
HIGH
CVE-2025-60424
all versions
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authen
7.6
HIGH
CVE-2025-44824
< 2024
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a
8.5
HIGH
CVE-2025-44823
< 2024
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserve
9.9
CRITICAL
CVE-2025-34227
<= 2026
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MyS
8.8
HIGH
CVE-2024-13986
< 2024
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path t
8.8
HIGH
CVE-2025-56432
all versions
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitr
6.1
MEDIUM
CVE-2025-28059
all versions
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources du
7.5
HIGH
CVE-2025-29471
all versions
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payl
8.3
HIGH
CVE-2025-28131
all versions
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to
4.6
MEDIUM
CVE-2024-54957
all versions
Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. Th
6.1
MEDIUM
CVE-2024-54961
all versions
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages disp
6.5
MEDIUM
CVE-2024-54960
all versions
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in t
6.5
MEDIUM
CVE-2024-54959
all versions
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-ba
6.1
MEDIUM
CVE-2024-54958
all versions
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an at
6.1
MEDIUM
CVE-2024-42898
all versions
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a
5.4
MEDIUM
CVE-2023-48082
< 2014
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possib
9.1
CRITICAL
CVE-2024-33775
all versions
An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dash
9.8
CRITICAL
CVE-2024-24402
all versions
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/
9.8
CRITICAL
CVE-2024-24401
all versions
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the
9.8
CRITICAL
CVE-2023-51072
< 2024
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-
5.4
MEDIUM
CVE-2023-48085
< 5.11.3
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_te
9.8
CRITICAL
CVE-2023-48084
< 5.11.3
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
9.8
CRITICAL
CVE-2023-40934
< 5.11.2
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalati
7.2
HIGH
CVE-2023-40933
< 5.11.2
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration
8.8
HIGH
CVE-2023-40932
< 5.11.2
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the
5.4
MEDIUM
CVE-2023-40931
>= 5.11.0 and < 5.11.2
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execut
6.5
MEDIUM
CVE-2020-23992
all versions
Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted G
6.1
MEDIUM
CVE-2022-38254
< 5.8.7
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
6.1
MEDIUM
CVE-2022-38251
all versions
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page und
4.8
MEDIUM
CVE-2022-38250
all versions
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
9.8
CRITICAL
CVE-2022-38249
all versions
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
6.1
MEDIUM
CVE-2022-38248
< 5.8.7
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
6.1
MEDIUM
CVE-2022-38247
all versions
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin
4.8
MEDIUM
CVE-2022-29272
<= 5.8.5
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
6.1
MEDIUM
CVE-2022-29271
<= 5.8.5
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any ho
6.5
MEDIUM
CVE-2022-29270
<= 5.8.5
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
4.3
MEDIUM
CVE-2022-29269
<= 5.8.5
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to th
6.5
MEDIUM
CVE-2021-40345
all versions
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP fil
7.2
HIGH
CVE-2021-40344
all versions
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files w
7.2
HIGH
CVE-2021-40343
all versions
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to ele
7.8
HIGH
CVE-2021-33179
< 5.8.4
The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An
6.1
MEDIUM
CVE-2021-33177
< 5.8.5
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires th
8.8
HIGH
CVE-2021-37223
<= 5.8.4
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authen
6.5
MEDIUM
CVE-2021-36366
< 5.8.5
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
9.8
CRITICAL
CVE-2021-36365
< 5.8.5
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
9.8
CRITICAL
CVE-2021-36364
< 5.8.5
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
9.8
CRITICAL
CVE-2021-36363
< 5.8.5
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
9.8
CRITICAL
CVE-2021-38156
< 5.8.6
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
5.4
MEDIUM
CVE-2021-37352
< 5.8.5
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability,
6.1
MEDIUM
CVE-2021-37351
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages thro
5.3
MEDIUM
CVE-2021-37350
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanit
9.8
CRITICAL
CVE-2021-37349
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from t
7.8
HIGH
CVE-2021-37348
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
7.5
HIGH
CVE-2021-37347
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory n
7.8
HIGH
CVE-2021-37345
< 5.8.5
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var direc
7.8
HIGH
CVE-2021-37343
< 5.8.5
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticate
8.8
HIGH
CVE-2021-35479
< 2.1.9
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through
5.4
MEDIUM
CVE-2021-35478
< 2.1.9
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parame
5.4
MEDIUM
CVE-2021-3277
<= 5.7.5
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functio
7.2
HIGH
CVE-2020-28911
<= 4.1.8
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to
6.5
MEDIUM
CVE-2020-28910
<= 5.7.5
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via cre
9.8
CRITICAL
CVE-2020-28909
<= 4.1.8
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts.
8.8
HIGH
CVE-2020-28908
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
9.8
CRITICAL
CVE-2020-28907
<= 4.1.8
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as r
9.8
CRITICAL
CVE-2020-28906
<= 5.7.5
Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to r
8.8
HIGH
CVE-2020-28905
<= 4.1.8
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pag
8.8
HIGH
CVE-2020-28904
<= 4.1.8
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio
9.8
CRITICAL
CVE-2020-28903
<= 4.1.8
Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject a
6.1
MEDIUM
CVE-2020-28902
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
9.8
CRITICAL
CVE-2020-28901
<= 4.1.8
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related
9.8
CRITICAL
CVE-2020-28900
<= 5.7.5
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escal
9.8
CRITICAL
CVE-2021-28925
< 2.4.3
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
9.8
CRITICAL
CVE-2021-28924
< 2.4.3
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
6.1
MEDIUM
CVE-2021-3273
< 5.7
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerabili
7.2
HIGH
CVE-2020-24899
all versions
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands i
8.8
HIGH
CVE-2020-22427
all versions
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additiona
7.2
HIGH
CVE-2021-25299
all versions
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/htm
6.1
MEDIUM
CVE-2021-25298
>= 5.5.6 and <= 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/incl
8.8
HIGH
CVE-2021-25297
>= 5.5.6 and <= 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/incl
8.8
HIGH
CVE-2021-25296
>= 5.5.6 and <= 5.7.5
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/incl
8.8
HIGH
CVE-2021-3193
<= 5.7.0
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows a
9.8
CRITICAL
CVE-2020-25385
<= 2.1.7
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through
6.1
MEDIUM
CVE-2020-35578
< 5.8.0
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishan
7.2
HIGH
CVE-2020-35269
all versions
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding
8.8
HIGH
CVE-2020-27991
< 5.7.5
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
5.4
MEDIUM
CVE-2020-27990
< 5.7.5
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
5.4
MEDIUM
CVE-2020-27989
< 5.7.5
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
5.4
MEDIUM
CVE-2020-27988
< 5.7.5
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
5.4
MEDIUM
CVE-2020-28648
< 5.7.5
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute re
8.8
HIGH
CVE-2020-5796
all versions
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissio
7.8
HIGH
CVE-2020-5792
all versions
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write
7.2
HIGH
CVE-2020-5791
>= 5.6.0 and <= 5.7.3
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to
7.2
HIGH
CVE-2020-5790
all versions
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legiti
6.5
MEDIUM
CVE-2020-15903
< 5.7.3
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root wh
9.8
CRITICAL
CVE-2020-16157
< 2.1.7
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods - Email Users menu.
5.4
MEDIUM
CVE-2020-15902
< 5.7.2
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
6.1
MEDIUM
CVE-2020-15901
< 5.7.2
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
8.8
HIGH
CVE-2020-13977
all versions
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to
4.9
MEDIUM
CVE-2020-10821
all versions
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
4.8
MEDIUM
CVE-2020-10820
all versions
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
4.8
MEDIUM
CVE-2020-10819
all versions
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
4.8
MEDIUM
CVE-2020-6586
all versions
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users p
5.4
MEDIUM
CVE-2020-6585
all versions
Nagios Log Server 2.1.3 has CSRF.
8.8
HIGH
CVE-2020-6584
all versions
Nagios Log Server 2.1.3 has Incorrect Access Control.
6.5
MEDIUM
CVE-2019-3698
< 3.5.1
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE L
5.7
MEDIUM
CVE-2019-20197
all versions
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to
8.8
HIGH
CVE-2019-20139
all versions
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour
5.4
MEDIUM
CVE-2019-15949
< 5.6.6
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or a
8.8
HIGH
CVE-2019-15898
< 2.0.8
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
6.1
MEDIUM
CVE-2018-17147
< 5.5.4
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
4.8
MEDIUM
CVE-2018-17148
< 5.5.4
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snaps
9.8
CRITICAL
CVE-2018-17146
< 5.5.4
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page
5.4
MEDIUM
CVE-2019-12279
all versions
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The v
9.8
CRITICAL
CVE-2019-9167
< 5.5.11
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via th
6.1
MEDIUM
CVE-2019-9166
< 5.5.11
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.in
7.8
HIGH
CVE-2019-9204
< 2.2.7
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
9.8
CRITICAL
CVE-2019-9203
< 2.2.7
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
9.8
CRITICAL
CVE-2019-9202
< 2.2.7
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
8.8
HIGH
CVE-2019-9165
< 5.5.11
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using f
9.8
CRITICAL
CVE-2019-9164
< 5.5.11
Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodisc
8.8
HIGH
CVE-2018-20172
< 5.5.8
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is n
6.1
MEDIUM
CVE-2018-20171
< 5.5.8
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not fil
6.1
MEDIUM
CVE-2018-18245
all versions
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modi
5.4
MEDIUM
CVE-2018-15714
all versions
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
6.1
MEDIUM
CVE-2018-15713
all versions
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/u
5.4
MEDIUM
CVE-2018-15712
all versions
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php
6.1
MEDIUM
CVE-2018-15711
all versions
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker c
8.8
HIGH
CVE-2018-15710
all versions
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
7.8
HIGH
CVE-2018-15709
all versions
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
8.8
HIGH
CVE-2018-15708
all versions
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
9.8
CRITICAL
CVE-2016-8641
all versions
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and ins
6.7
MEDIUM
CVE-2018-13458
<= 4.4.1
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a l
5.5
MEDIUM
CVE-2018-13457
<= 4.4.1
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a l
5.5
MEDIUM
CVE-2018-13441
<= 4.4.1
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to ca
5.5
MEDIUM
CVE-2018-12501
< 4.1.4
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
6.1
MEDIUM
CVE-2018-10738
>= 5.2.0 and <= 5.2.9
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
7.2
HIGH
CVE-2018-10737
>= 5.2.0 and <= 5.2.9
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
7.2
HIGH
CVE-2018-10736
>= 5.2.0 and <= 5.2.9
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
7.2
HIGH
CVE-2018-10735
>= 5.2.0 and <= 5.2.9
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
7.2
HIGH
CVE-2018-10554
all versions
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour,
5.4
MEDIUM
CVE-2018-10553
all versions
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstr
6.5
MEDIUM
CVE-2018-8736
>= 5.2.0 and < 5.4.13
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerab
8.8
HIGH
CVE-2018-8735
>= 5.2.0 and < 5.4.13
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrar
8.8
HIGH
CVE-2018-8734
>= 5.2.0 and < 5.4.13
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
9.8
CRITICAL
CVE-2018-8733
>= 5.2.0 and < 5.4.13
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenti
9.8
CRITICAL
CVE-2017-14312
<= 4.3.4
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is own
7.8
HIGH
CVE-2017-12847
<= 4.3.2
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local u
6.3
MEDIUM
CVE-2016-0726
all versions
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it e
9.8
CRITICAL
CVE-2016-6209
all versions
Cross-site scripting (XSS) vulnerability in Nagios.
6.1
MEDIUM
CVE-2014-5009
<= 4.2.3
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-20
9.8
CRITICAL
CVE-2008-7313
<= 4.2.3
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an in
9.8
CRITICAL
CVE-2016-10089
<= 4.2.4
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related
7.8
HIGH
CVE-2016-9566
<= 4.2.3
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privilege
7.8
HIGH
CVE-2016-9565
<= 4.2.1
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2, might allow remote attackers to read or write to arbitra
9.8
CRITICAL
CVE-2014-4703
all versions
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configurati
CVE-2014-4702
<= 2.0.1
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration fil
CVE-2014-4701
<= 2.0.1
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration fil
CVE-2013-4215
all versions
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack
CVE-2014-1878
<= 4.0.3
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga bef
CVE-2013-2214
all versions
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a conta
CVE-2013-7205
<= 4.0.2
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote aut
CVE-2013-7108
<= 4.0.2
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.
CVE-2013-6875
<= 2012r2.3
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote
CVE-2013-4214
<= 3.5.1
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbit
CVE-2012-6096
<= 3.4.3
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x bef
CVE-2011-2179
all versions
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allo
CVE-2011-1523
<= 3.2.3
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to in
CVE-2009-2288
<= 3.1.0
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pin
CVE-2008-6373
<= 3.0.5
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adapti
CVE-2008-5028
<= 3.0.4
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote atta
CVE-2008-5027
<= 3.0.4
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authori
CVE-2008-4796
< 4.2.2
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) m
CVE-2007-5803
all versions
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject a
CVE-2008-1360
all versions
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via
CVE-2007-5624
<= 2.9
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML
CVE-2007-5623
all versions
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of
CVE-2007-5198
<= 1.4.9
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, a
CVE-2006-2489
all versions
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of servi
CVE-2006-2162
<= 1.3
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a
CVE-2002-1959
all versions
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.