Vulnerabilities > Nagios > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2023-40933 SQL Injection vulnerability in Nagios XI
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
network
low complexity
nagios CWE-89
8.8
8.8
2023-09-19 CVE-2023-40934 SQL Injection vulnerability in Nagios XI
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
network
low complexity
nagios CWE-89
7.2
7.2
2021-10-26 CVE-2021-40343 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI 5.8.5
An issue was discovered in Nagios XI 5.8.5.
local
low complexity
nagios CWE-732
7.2
7.2
2021-10-26 CVE-2021-40345 Command Injection vulnerability in Nagios XI 5.8.5
An issue was discovered in Nagios XI 5.8.5.
network
low complexity
nagios CWE-77
7.2
7.2
2021-09-28 CVE-2021-36363 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
network
low complexity
nagios CWE-276
7.5
7.5
2021-09-28 CVE-2021-36364 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
network
low complexity
nagios
7.5
7.5
2021-09-28 CVE-2021-36365 Incorrect Default Permissions vulnerability in Nagios XI
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
network
low complexity
nagios CWE-276
7.5
7.5
2021-09-28 CVE-2021-36366 Unspecified vulnerability in Nagios XI
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
network
low complexity
nagios
7.5
7.5
2021-08-13 CVE-2021-37344 OS Command Injection vulnerability in Nagios XI Switch Wizard
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
7.5
7.5
2021-08-13 CVE-2021-37346 OS Command Injection vulnerability in Nagios XI Watchguard Wizard
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
7.5
7.5