Vulnerabilities > Nagios > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2020-09-09 | CVE-2020-15903 | Unspecified vulnerability in Nagios XI | An issue was found in Nagios XI before 5.7.3. | network | low complexity | nagios | | critical | 9.8 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI | An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | network | low complexity | nagios | CWE-284 | critical | 9.8 |
| 2019-05-22 | CVE-2019-12279 | SQL Injection vulnerability in Nagios XI 5.6.1 | Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). | network | low complexity | nagios | CWE-89 | critical | 9.8 |
| 2019-03-28 | CVE-2019-9204 | SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1 | SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | network | low complexity | nagios | CWE-89 | critical | 9.8 |
| 2019-03-28 | CVE-2019-9203 | Unspecified vulnerability in Nagios Incident Manager 2.0.0/2.0.1 | Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | network | low complexity | nagios | | critical | 9.8 |
| 2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | network | low complexity | nagios | CWE-89 | critical | 9.8 |
| 2018-11-14 | CVE-2018-15708 | Unspecified vulnerability in Nagios XI 5.5.6 | Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | network | low complexity | nagios | | critical | 9.8 |
| 2018-04-18 | CVE-2018-8734 | SQL Injection vulnerability in Nagios XI | SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | network | low complexity | nagios | CWE-89 | critical | 9.8 |
| 2018-04-18 | CVE-2018-8733 | SQL Injection vulnerability in Nagios XI | Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | network | low complexity | nagios | CWE-89 | critical | 9.8 |
| 2017-06-06 | CVE-2016-0726 | Use of Hard-coded Credentials vulnerability in Nagios | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | network | low complexity | nagios | CWE-798 | critical | 9.8 |