Filtered by vendor Centreon
Total: 89 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-17647 | 1 Centreon | 1 Centreon | 2024-11-21 | 9.8 Critical |
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | ||||
CVE-2019-17646 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 High |
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. | ||||
CVE-2019-17645 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 High |
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | ||||
CVE-2019-17644 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 High |
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php. | ||||
CVE-2019-17643 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.5 High |
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. | ||||
CVE-2019-17642 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. | ||||
CVE-2019-17501 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | ||||
CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.1 Medium |
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | ||||
CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | ||||
CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 Medium |
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | ||||
CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 5.3 Medium |
The token generator in index.php in Centreon Web before 2.8.27 is predictable. | ||||
CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2024-11-21 | 7.5 High |
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | ||||
CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.8 High |
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | ||||
CVE-2019-16405 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.2 High |
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | ||||
CVE-2019-16195 | 1 Centreon | 1 Centreon | 2024-11-21 | 6.1 Medium |
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | ||||
CVE-2019-16194 | 1 Centreon | 1 Centreon | 2024-11-21 | 9.8 Critical |
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | ||||
CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | ||||
CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | ||||
CVE-2019-15298 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | ||||
CVE-2019-13024 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute arbitrary system commands). |