Search CVE reports
1 – 10 of 64 results
CVE-2023-38350
Medium priorityPNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.
1 affected packages
pnp4nagios
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pnp4nagios | — | Not in release | Not in release | Ignored | Ignored |
CVE-2023-38349
Medium priorityPNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.
1 affected packages
pnp4nagios
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pnp4nagios | — | Not in release | Not in release | Ignored | Ignored |
CVE-2022-38254
Medium priorityNagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38251
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38250
Medium priorityNagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38249
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38248
Medium priorityNagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2022-38247
Medium priorityNagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
3 affected packages
icinga, nagios3, nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| icinga | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios3 | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
CVE-2020-35269
Medium priorityNagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
1 affected packages
nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nagios4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2020-13977
Medium priorityNagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the...
1 affected packages
nagios4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nagios4 | Not affected | Not affected | Needs evaluation | Not in release | Not in release |