Vulnerabilities > Nagios > Nagios XI > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2024-24402 | Unspecified vulnerability in Nagios XI 2024 An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. | 9.8 |
| 2023-12-14 | CVE-2023-48085 | Unspecified vulnerability in Nagios XI Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | 9.8 |
| 2023-12-14 | CVE-2023-48084 | SQL Injection vulnerability in Nagios XI Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | 9.8 |
| 2022-09-07 | CVE-2022-38250 | SQL Injection vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | 9.8 |
| 2021-09-28 | CVE-2021-36366 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | 9.8 |
| 2021-09-28 | CVE-2021-36365 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | 9.8 |
| 2021-09-28 | CVE-2021-36364 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | 9.8 |
| 2021-09-28 | CVE-2021-36363 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | 9.8 |
| 2021-08-13 | CVE-2021-37350 | SQL Injection vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. | 9.8 |
| 2021-05-24 | CVE-2020-28910 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | 9.8 |