Search CVE reports
1 – 10 of 12 results
CVE-2022-38254
Medium priorityNagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38251
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38250
Medium priorityNagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38249
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38248
Medium priorityNagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38247
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2020-35269
Medium priorityNagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
1 affected packages
nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2020-13977
Medium priorityNagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the...
1 affected packages
nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios4 | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2018-18245
Low priorityNagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
2 affected packages
nagios3, nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios3 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
nagios4 | Not affected | Not affected | Not affected | Not in release | Not in release |
CVE-2018-13458
Medium priorityqh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
1 affected packages
nagios4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nagios4 | — | — | — | Not in release | Not in release |