Search CVE reports
1 – 10 of 40 results
CVE-2022-38254
Medium priorityNagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38251
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38250
Medium priorityNagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38249
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38248
Medium priorityNagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38247
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2019-3698
Medium priorityUNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially...
2 affected packages
icinga, nagios3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | — | — | Not affected | Not affected |
| nagios3 | — | — | — | Not affected | Not affected |
CVE-2018-18245
Low priorityNagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
2 affected packages
nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nagios3 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| nagios4 | Not affected | Not affected | Not affected | Not in release | Not in release |
CVE-2016-8641
Low priorityA privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic...
2 affected packages
icinga, nagios3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | — | — | Not affected | Not affected |
| nagios3 | — | — | — | Not affected | Not affected |
CVE-2018-10738
Medium priorityA SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
1 affected packages
nagios3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nagios3 | — | — | — | Not affected | Not affected |