Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

CVE
#ios

� CNCZ�������ԏz���;�_��sg�2�r� endstream endobj 3 0 obj 673 endobj 4 0 obj <> stream x��M�$� ��F_�+�l|빆�2��� ��@��%2H*�M����?���K�t�b�@גףÙ��,���/~�Z;4�Ȗj� |�(i#���@�o�s���O����3�o3���^o嫵�XI�p�K8Z�~�#�����m’�������[��] ]۵�^>E&��hK���ݥ���������8�B[��%߮�’�3�N:p’Lرy�U���3@k,gF����’��ߋ������� �<4c~uY�lڌ�ڶ��. �{ �N�.�U$e7�����I:i�c/�Pv?�CA��f,YG-~h�6l��9����]��&|�*����S���R�Ѫ���Hx�C�C3��#�򾍹m�O>œh�’���!�� zi�s���L’��KW���f�+7`��?%A��@#@<��\~�Aܪ�Ea�+�\6���$�7d�Fr�J�����˔��{N ������]�5�#��Q�NBm��3��;���-l��җs����Ca {�Ѕ�ryZ ��,�^M����6F5��D$�gqP���i�8�jM��.6�4V\��k9����:o팠��rM� ?�^� A��]l �m`ʯ����@�(��[�(��A�|-�,���h�c!h񶋍!x�� �p8��8�� ]+�0&���mdcB���+��|f.�&�+�

Related news

CVE-2022-38254: Nagios XI Change Log - Nagios

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

CVE-2019-9167: Security Disclosures - Nagios

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907