Vulnerabilities > Nagios > Nagios XI > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-15710 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
local
low complexity
nagios CWE-78
7.8
7.8
2018-11-14 CVE-2018-15709 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
nagios CWE-78
8.8
8.8
2018-05-16 CVE-2018-10738 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
network
low complexity
nagios CWE-89
7.2
7.2
2018-05-16 CVE-2018-10737 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
network
low complexity
nagios CWE-89
7.2
7.2
2018-05-16 CVE-2018-10736 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
network
low complexity
nagios CWE-89
7.2
7.2
2018-05-16 CVE-2018-10735 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
network
low complexity
nagios CWE-89
7.2
7.2
2018-04-18 CVE-2018-8736 Unspecified vulnerability in Nagios XI
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
network
low complexity
nagios
8.8
8.8
2018-04-18 CVE-2018-8735 OS Command Injection vulnerability in Nagios XI
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
network
low complexity
nagios CWE-78
8.8
8.8