Nagios

Nagios Xi

189 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-3277

  • EPSS 32.14%
  • Veröffentlicht 07.06.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:12

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.

9

CVE-2020-28906

  • EPSS 0.91%
  • Veröffentlicht 24.05.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:23:15

Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.

10

CVE-2020-28910

Exploit
  • EPSS 0.52%
  • Veröffentlicht 24.05.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:23:16

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.

10

CVE-2020-28900

Exploit
  • EPSS 0.79%
  • Veröffentlicht 24.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:23:15

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh...

9

CVE-2021-3273

Exploit
  • EPSS 24.28%
  • Veröffentlicht 25.02.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:11

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

7.2

CVE-2020-22427

Exploit
  • EPSS 38.1%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:16

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all techn...

8.8

CVE-2020-24899

Exploit
  • EPSS 5.68%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:16:10

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.

9

CVE-2021-25296

Warnung Exploit
  • EPSS 93.71%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:14:53

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by ...

9

CVE-2021-25297

Warnung Exploit
  • EPSS 60.59%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:13:58

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single...

9

CVE-2021-25298

Warnung Exploit
  • EPSS 80.35%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 15:13:53

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a si...