Filtered by vendor Nagios
Subscribe
Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42898 | 1 Nagios | 1 Nagios Xi | 2025-06-24 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | |||||
| CVE-2024-54961 | 1 Nagios | 1 Nagios Xi | 2025-06-18 | N/A | 6.5 MEDIUM |
| Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. | |||||
| CVE-2025-28132 | 1 Nagios | 1 Nagios Network Analyzer | 2025-06-18 | N/A | 4.6 MEDIUM |
| A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf. | |||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | N/A | 4.8 MEDIUM |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | |||||
| CVE-2023-51072 | 1 Nagios | 1 Nagios Xi | 2025-06-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | |||||
| CVE-2023-48085 | 1 Nagios | 1 Nagios Xi | 2025-05-22 | N/A | 9.8 CRITICAL |
| Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | |||||
| CVE-2025-29471 | 1 Nagios | 1 Log Server | 2025-04-23 | N/A | 8.3 HIGH |
| Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. | |||||
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | |||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2025-04-20 | 6.3 MEDIUM | 6.3 MEDIUM |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | |||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | |||||
| CVE-2014-5009 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | |||||
| CVE-2016-6209 | 1 Nagios | 1 Nagios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Nagios. | |||||
| CVE-2016-10089 | 1 Nagios | 1 Nagios | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | |||||
| CVE-2017-14312 | 1 Nagios | 1 Nagios Core | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | |||||
| CVE-2014-4703 | 1 Nagios | 1 Nagios | 2025-04-12 | 2.1 LOW | N/A |
| lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | |||||
| CVE-2014-4701 | 1 Nagios | 1 Nagios | 2025-04-12 | 2.1 LOW | N/A |
| The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. | |||||
| CVE-2016-9565 | 1 Nagios | 1 Nagios | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. | |||||
| CVE-2014-1878 | 2 Icinga, Nagios | 2 Icinga, Nagios | 2025-04-12 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. | |||||
| CVE-2016-9566 | 1 Nagios | 1 Nagios | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | |||||
| CVE-2014-4702 | 1 Nagios | 1 Nagios | 2025-04-12 | 2.1 LOW | N/A |
| The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. | |||||