Vulnerabilities > Nagios > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-19 | CVE-2023-40933 | SQL Injection vulnerability in Nagios XI A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | 8.8 |
2023-09-19 | CVE-2023-40934 | SQL Injection vulnerability in Nagios XI A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | 7.2 |
2021-10-26 | CVE-2021-40343 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI 5.8.5 An issue was discovered in Nagios XI 5.8.5. | 7.2 |
2021-10-26 | CVE-2021-40345 | Command Injection vulnerability in Nagios XI 5.8.5 An issue was discovered in Nagios XI 5.8.5. | 7.2 |
2021-09-28 | CVE-2021-36363 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | 7.5 |
2021-09-28 | CVE-2021-36364 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | 7.5 |
2021-09-28 | CVE-2021-36365 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | 7.5 |
2021-09-28 | CVE-2021-36366 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | 7.5 |
2021-08-13 | CVE-2021-37344 | OS Command Injection vulnerability in Nagios XI Switch Wizard Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection). | 7.5 |
2021-08-13 | CVE-2021-37346 | OS Command Injection vulnerability in Nagios XI Watchguard Wizard Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). | 7.5 |