11 matches found
CVE-2024-13995
Nagios XI versions prior to 2024R1.1.2 (confirmed in 2024R1.1 and 2024R1.1.1) may disclose sensitive user account information, including API keys and hashed passwords, to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...
CVE-2013-10073
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitization or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...
CVE-2024-14000 Nagios XI < 2024R1.1.3 XSS via Capacity Planning Report
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44502
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.2. Description: The software contains a flaw due to insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters. This allows crafted input to reach command execution paths, potential...
CVE-2024-54960
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI specific to version 2024R1.2.2. The vulnerability is in the way Nagios XI handles user information, allowing unauthenticated users to access usernames and e-mail addresses of all current users. This can lead to unauthorized access and exploitation of...
CVE-2024-54961
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users...
RHSA-2017:0258 Red Hat Security Advisory: nagios security update
Bulletin has no description...
RHSA-2017:0211 Red Hat Security Advisory: nagios security update
Bulletin has no description...
RHSA-2017:0212 Red Hat Security Advisory: nagios security update
Bulletin has no description...
Nagios Cross-Site Scripting Vulnerability
Nagios is a free, open source network monitoring tool from Nagios, Inc. A cross-site scripting vulnerability exists in Nagios versions prior to 2.4.0 that allows an attacker to run arbitrary code via the name element when filtering logs...