Vulnerabilities > Nagios > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-48084 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2023-12-14 CVE-2023-48085 Unspecified vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
network
low complexity
nagios
critical
 9.8
9.8
2022-09-07 CVE-2022-38250 SQL Injection vulnerability in Nagios XI 5.8.6
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2021-09-28 CVE-2021-36363 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
network
low complexity
nagios CWE-276
critical
 9.8
9.8
2021-09-28 CVE-2021-36364 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
network
low complexity
nagios
critical
 9.8
9.8
2021-09-28 CVE-2021-36365 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
network
low complexity
nagios CWE-276
critical
 9.8
9.8
2021-09-28 CVE-2021-36366 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
network
low complexity
nagios
critical
 9.8
9.8
2021-08-13 CVE-2021-37344 OS Command Injection vulnerability in Nagios XI Switch Wizard
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
critical
 9.8
9.8
2021-08-13 CVE-2021-37346 OS Command Injection vulnerability in Nagios XI Watchguard Wizard
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
critical
 9.8
9.8
2021-08-13 CVE-2021-37350 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
network
low complexity
nagios CWE-89
critical
 9.8
9.8