CVE-2025-34135— Nagios XI 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-34135の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files
ソース: NVD (National Vulnerability Database)
脆弱性説明
Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
关键资源的不正确权限授予
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Nagios XI 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.4.2之前版本存在安全漏洞,该漏洞源于系统单元文件权限设置过于宽松,可能导致本地攻击面扩大。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2025-34135の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-34135のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Nagios · 2025-10-30 · 94 CVEs total
| CVE-2021-47694 | Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command | |
| CVE-2021-47700 | Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory | |
| CVE-2021-47693 | Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search | |
| CVE-2011-10035 | Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE | |
| CVE-2011-10039 | Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing | |
| CVE-2011-10036 | Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler | |
| CVE-2012-10063 | Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM | |
| CVE-2024-14006 | Nagios XI < 2024R1.2.2 Host Header Injection | |
| CVE-2018-25119 | Nagios Fusion < 4.1.5 XSS via fusionwindow Parameter | |
| CVE-2021-47691 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page | |
| CVE-2021-47699 | Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form | |
| CVE-2021-47690 | Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals | |
| CVE-2020-36862 | Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts | |
| CVE-2020-36858 | Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages | |
| CVE-2020-36863 | Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory | |
| CVE-2020-36860 | Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages | |
| CVE-2020-36859 | Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages | |
| CVE-2020-36857 | Nagios XI < 5.6.14 Authenticated SQL Injection via SNMP Trap Interface Page | |
| CVE-2020-36867 | Nagios XI < 5.7.3 Command Injection in Report PDF Download | |
| CVE-2020-36861 | Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Che |
Showing 20 of 94 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: XI
- CVE-2021-47698
Nagios XI < 5.8.7 XSS in Core UI Views URL handling - CVE-2024-13997
Nagios XI < 2024R1.1.3 Privilege Escalation via Migrate Serv - CVE-2024-13998
Nagios XI < 2024R1.1.3 API Keys & Hashed Passwords Authentic - CVE-2024-13992
Nagios XI < 2024R1.1 XSS via Missing Page / 404 - CVE-2011-10037
Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Pe
同じベンダー: Nagios
- CVE-2026-2041
Nagios Host zabbixagent_configwizard_func Command Injection - CVE-2026-2043
Nagios Host esensors_websensor_configwizard_func Command Inj - CVE-2026-2042
Nagios Host monitoringwizard Command Injection Remote Code E - CVE-2025-34323
Nagios Log Server < 2026R1.0.1 Local Privilege Escalation vi - CVE-2025-34322
Nagios Log Server < 2026R1.0.1 Authenticated Command Injecti
同じ弱点: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. CVE-2025-34135へのコメント
まだコメントはありません