nvd,anchore_overrides
Nagios
Vulnerabilities: 301
Known exploited: 4
Critical: 47
High: 101
Top products
Nagios Xi: 194
Nagios: 37
Log Server: 23
Fusion: 19
Network Analyzer: 7
Nagios Core: 5
Incident Manager: 3
Plugins: 3
Remote Plug In Executor: 3
Favorites: 2
Nagios Cross Platform Agent: 2
Business Process Intelligence: 1
Nagios Network Analyzer: 1
Nagios Xi Docker Wizard: 1
Nagios Xi Switch Wizard: 1
Nagios Xi Watchguard Wizard: 1
Ndoutils: 1
Remote Plugin Executor: 1
Top vulnerabilities
CVE-2002-1959: Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
CVE-2024-33775: An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
CVE-2024-24402: An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
CVE-2024-24401: SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
CVE-2023-48085: Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
CVE-2023-48084: Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
CVE-2022-38250: Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
CVE-2021-37353: Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
CVE-2021-37350: Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation.
CVE-2021-37346: Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
CVE-2021-37344: Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
CVE-2021-36366: Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
CVE-2021-36365: Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
CVE-2021-36364: Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
CVE-2021-36363: Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
CVE-2021-3193: Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVE-2021-28925: SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.
CVE-2020-28910: Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
CVE-2020-28908: Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
CVE-2020-28907: Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
CVE-2020-28904: Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code.
CVE-2020-28902: Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
CVE-2020-28901: Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
CVE-2020-28900: Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
CVE-2020-15903: An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.