Vulnerabilities > Nagios > Nagios XI > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-37349 | Unspecified vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | 7.8 |
| 2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 7.2 |
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 7.2 |
| 2021-02-15 | CVE-2020-24899 | OS Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 8.8 |
| 2021-02-15 | CVE-2020-22427 | Unspecified vulnerability in Nagios XI 5.6.11 NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. | 7.2 |
| 2021-02-15 | CVE-2021-25298 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25297 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25296 | Unspecified vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-01-13 | CVE-2020-35578 | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 7.2 |