Vulnerabilities > Nagios > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-15710 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | 7.2 |
| 2018-11-14 | CVE-2018-15708 | Unspecified vulnerability in Nagios XI 5.5.6 Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | 7.5 |
| 2018-08-01 | CVE-2016-8641 | Link Following vulnerability in Nagios A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. | 7.8 |
| 2018-04-18 | CVE-2018-8734 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter. | 7.5 |
| 2018-04-18 | CVE-2018-8733 | SQL Injection vulnerability in Nagios XI Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability. | 7.5 |
| 2017-09-11 | CVE-2017-14312 | Improper Privilege Management vulnerability in Nagios Core Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | 7.2 |
| 2017-06-06 | CVE-2016-0726 | Use of Hard-coded Credentials vulnerability in Nagios The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | 7.5 |
| 2017-03-31 | CVE-2014-5009 | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
| 2017-03-31 | CVE-2008-7313 | Command Injection vulnerability in multiple products The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. | 7.5 |
| 2017-02-15 | CVE-2016-10089 | Permissions, Privileges, and Access Controls vulnerability in Nagios Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | 7.2 |