Vulnerabilities > Nagios > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-35578 OS Command Injection vulnerability in Nagios XI
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0.
network
low complexity
nagios CWE-78
critical
 9.0
9.0
2020-09-09 CVE-2020-15903 Improper Privilege Management vulnerability in Nagios XI
An issue was found in Nagios XI before 5.7.3.
network
low complexity
nagios CWE-269
critical
 10.0
10
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
critical
 9.0
9.0
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
critical
 9.0
9.0
2019-05-22 CVE-2019-12279 SQL Injection vulnerability in Nagios XI 5.6.1
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form).
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2019-03-28 CVE-2019-9204 SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2019-03-28 CVE-2019-9203 Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
network
low complexity
nagios
critical
 9.8
9.8
2019-03-28 CVE-2019-9165 SQL Injection vulnerability in Nagios XI
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
network
low complexity
nagios CWE-89
critical
 9.8
9.8
2018-04-18 CVE-2018-8736 Unspecified vulnerability in Nagios XI
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
network
low complexity
nagios
critical
 9.0
9.0
2018-04-18 CVE-2018-8735 OS Command Injection vulnerability in Nagios XI
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
network
low complexity
nagios CWE-78
critical
 9.0
9.0