Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nagios_xi
(Nagios)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-26 | CVE-2021-40345 | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | Nagios_xi | 7.2 | ||
| 2022-06-29 | CVE-2022-29269 | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | Nagios_xi | 6.5 | ||
| 2022-06-29 | CVE-2022-29270 | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | Nagios_xi | 4.3 | ||
| 2022-06-29 | CVE-2022-29271 | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | Nagios_xi | 6.5 | ||
| 2022-06-29 | CVE-2022-29272 | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | Nagios_xi | 6.1 | ||
| 2022-09-07 | CVE-2022-38247 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. | Nagios_xi | 4.8 | ||
| 2022-09-07 | CVE-2022-38248 | Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. | Nagios_xi | 6.1 | ||
| 2022-09-07 | CVE-2022-38249 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | Nagios_xi | 6.1 | ||
| 2022-09-07 | CVE-2022-38250 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | Nagios_xi | 9.8 | ||
| 2022-09-07 | CVE-2022-38251 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | Nagios_xi | 4.8 |