Vulnerabilities > Nagios > Nagios XI > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-48085 Unspecified vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
network
low complexity
nagios
critical
 9.8
9.8
2023-12-14 CVE-2023-48084 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2022-09-07 CVE-2022-38250 SQL Injection vulnerability in Nagios XI 5.8.6
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2021-09-28 CVE-2021-36366 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
network
low complexity
nagios
critical
 9.8
9.8
2021-09-28 CVE-2021-36365 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
network
low complexity
nagios CWE-276
critical
 9.8
9.8
2021-09-28 CVE-2021-36364 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
network
low complexity
nagios
critical
 9.8
9.8
2021-09-28 CVE-2021-36363 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
network
low complexity
nagios CWE-276
critical
 9.8
9.8
2021-08-13 CVE-2021-37350 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2021-05-24 CVE-2020-28910 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
network
low complexity
nagios CWE-732
critical
 9.8
9.8
2021-05-24 CVE-2020-28900 Insufficient Verification of Data Authenticity vulnerability in Nagios Fusion and Nagios XI
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
network
low complexity
nagios CWE-345
critical
 9.8
9.8