Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nagios_xi
(Nagios)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 96 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-15 | CVE-2021-25296 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | Nagios_xi | 8.8 | ||
| 2021-02-15 | CVE-2021-25297 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | Nagios_xi | 8.8 | ||
| 2021-02-15 | CVE-2021-25298 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | Nagios_xi | 8.8 | ||
| 2022-06-29 | CVE-2022-29269 | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | Nagios_xi | 6.5 | ||
| 2022-06-29 | CVE-2022-29270 | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | Nagios_xi | 4.3 | ||
| 2022-06-29 | CVE-2022-29271 | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | Nagios_xi | 6.5 | ||
| 2020-10-20 | CVE-2020-5791 | Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | Nagios_xi | 7.2 | ||
| 2020-07-22 | CVE-2020-15901 | In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | Nagios_xi | 8.8 | ||
| 2020-07-22 | CVE-2020-15902 | Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | Nagios_xi | 6.1 | ||
| 2021-10-26 | CVE-2021-40345 | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | Nagios_xi | 7.2 |