Vulnerabilities > Librenms > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-20 CVE-2022-4070 Insufficient Session Expiration vulnerability in Librenms
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
network
low complexity
librenms CWE-613
critical
 9.8
9.8
2022-06-02 CVE-2022-29712 Command Injection vulnerability in Librenms 22.3.0
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
network
low complexity
librenms CWE-77
critical
 9.8
9.8
2021-12-03 CVE-2021-44278 Path Traversal vulnerability in Librenms 21.11.0
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
network
low complexity
librenms CWE-22
critical
 9.8
9.8
2019-09-09 CVE-2019-10668 Missing Authentication for Critical Function vulnerability in Librenms
An issue was discovered in LibreNMS through 1.47.
network
low complexity
librenms CWE-306
critical
 9.1
9.1
2019-09-09 CVE-2019-10665 Injection vulnerability in Librenms
An issue was discovered in LibreNMS through 1.47.
network
low complexity
librenms CWE-74
critical
 9.8
9.8
2019-04-24 CVE-2018-20434 OS Command Injection vulnerability in Librenms 1.46
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
network
low complexity
librenms CWE-78
critical
 9.8
9.8