Vulnerabilities > Nagios > Nagios XI > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2021-3193 | Unspecified vulnerability in Nagios XI Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | 9.8 |
| 2020-09-09 | CVE-2020-15903 | Unspecified vulnerability in Nagios XI An issue was found in Nagios XI before 5.7.3. | 9.8 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 9.8 |
| 2019-05-22 | CVE-2019-12279 | SQL Injection vulnerability in Nagios XI 5.6.1 Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). | 9.8 |
| 2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 |
| 2018-11-14 | CVE-2018-15708 | Unspecified vulnerability in Nagios XI 5.5.6 Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | 9.8 |
| 2018-04-18 | CVE-2018-8733 | SQL Injection vulnerability in Nagios XI Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | 9.8 |
| 2018-04-18 | CVE-2018-8734 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | 9.8 |