Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2022-38254

Medium priority
Needs evaluation

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38251

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38250

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38249

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38248

Medium priority
Needs evaluation

Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2022-38247

Medium priority
Needs evaluation

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.

3 affected packages

icinga, nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
icinga Not in release Not in release Needs evaluation Needs evaluation
nagios3 Not in release Not in release Needs evaluation Needs evaluation
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
Show less packages

CVE-2020-35269

Medium priority
Needs evaluation

Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.

1 affected packages

nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios4 Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2020-13977

Medium priority
Needs evaluation

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the...

1 affected packages

nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios4 Not affected Not affected Needs evaluation Not in release Not in release
Show less packages

CVE-2018-18245

Low priority
Vulnerable

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

2 affected packages

nagios3, nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios3 Not in release Not in release Not in release Vulnerable Vulnerable
nagios4 Not affected Not affected Not affected Not in release Not in release
Show less packages

CVE-2018-13458

Medium priority
Ignored

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

1 affected packages

nagios4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nagios4 Not in release Not in release
Show less packages