Search CVE reports


Toggle filters

1 – 10 of 40 results


CVE-2022-38254

Medium priority
Needs evaluation

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38251

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38250

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38249

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38248

Medium priority
Needs evaluation

Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38247

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2019-3698

Medium priority
Not affected

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially...

2 affected packages

icinga, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not affected Not affected
nagios3 Not affected Not affected
Show less packages

CVE-2018-18245

Low priority
Vulnerable

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

2 affected packages

nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios3 Not in release Not in release Not in release Vulnerable Vulnerable
nagios4 Not affected Not affected Not affected Not in release Not in release
Show less packages

CVE-2016-8641

Low priority
Ignored

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic...

2 affected packages

icinga, nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not affected Not affected
nagios3 Not affected Not affected
Show less packages

CVE-2018-10738

Medium priority
Not affected

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

1 affected package

nagios3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios3 Not affected Not affected
Show less packages