Note: This project will be discontinued after December 13, 2021.

Product: Nagios_xi (Nagios)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 105 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-05-24 | CVE-2020-28910 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | Nagios_xi | 9.8 | ||
2021-06-07 | CVE-2021-3277 | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | Nagios_xi | 7.2 | ||
2021-08-13 | CVE-2021-37343 | A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | Nagios_xi | 8.8 | ||
2021-08-13 | CVE-2021-37345 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | Nagios_xi | 7.8 | ||
2021-08-13 | CVE-2021-37347 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | Nagios_xi | 7.8 | ||
2021-08-13 | CVE-2021-37348 | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | Nagios_xi | 7.5 | ||
2021-08-13 | CVE-2021-37349 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | Nagios_xi | 7.8 | ||
2021-08-13 | CVE-2021-37350 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | Nagios_xi | 9.8 | ||
2021-08-13 | CVE-2021-37351 | Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | Nagios_xi | 5.3 | ||
2021-08-13 | CVE-2021-37352 | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | Nagios_xi | 6.1 | ||