Vulnerabilities > Nagios > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-13 | CVE-2020-35578 | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 9.0 |
2020-09-09 | CVE-2020-15903 | Improper Privilege Management vulnerability in Nagios XI An issue was found in Nagios XI before 5.7.3. | 10.0 |
2019-12-31 | CVE-2019-20197 | OS Command Injection vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 9.0 |
2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 9.0 |
2019-05-22 | CVE-2019-12279 | SQL Injection vulnerability in Nagios XI 5.6.1 Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). | 9.8 |
2019-03-28 | CVE-2019-9204 | SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1 SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | 9.8 |
2019-03-28 | CVE-2019-9203 | Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1 Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | 9.8 |
2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 |
2018-04-18 | CVE-2018-8736 | Unspecified vulnerability in Nagios XI A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. | 9.0 |
2018-04-18 | CVE-2018-8735 | OS Command Injection vulnerability in Nagios XI Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | 9.0 |