Vulnerabilities > Nagios > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-15709 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | 8.8 |
| 2018-08-01 | CVE-2016-8641 | Link Following vulnerability in Nagios A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. | 7.8 |
| 2018-05-16 | CVE-2018-10738 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | 7.2 |
| 2018-05-16 | CVE-2018-10737 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | 7.2 |
| 2018-05-16 | CVE-2018-10736 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | 7.2 |
| 2018-05-16 | CVE-2018-10735 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | 7.2 |
| 2018-04-18 | CVE-2018-8736 | Unspecified vulnerability in Nagios XI A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. | 8.8 |
| 2018-04-18 | CVE-2018-8735 | OS Command Injection vulnerability in Nagios XI Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | 8.8 |
| 2017-09-11 | CVE-2017-14312 | Improper Privilege Management vulnerability in Nagios Core Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | 7.8 |
| 2017-02-15 | CVE-2016-10089 | Permissions, Privileges, and Access Controls vulnerability in Nagios Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | 7.8 |