ReportizFlow
Filtered by vendor Librenms
Subscriptions
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29712 | 1 Librenms | 1 Librenms | 2024-11-21 | 9.8 Critical |
| LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | ||||
| CVE-2022-29711 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | ||||
| CVE-2022-0772 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. | ||||
| CVE-2022-0589 | 1 Librenms | 1 Librenms | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | ||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.1 High |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0587 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 Medium |
| Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0580 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.1 High |
| Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0576 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | ||||
| CVE-2022-0575 | 1 Librenms | 1 Librenms | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2021-44279 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | ||||
| CVE-2021-44278 | 1 Librenms | 1 Librenms | 2024-11-21 | 9.8 Critical |
| Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | ||||
| CVE-2021-44277 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. | ||||
| CVE-2021-43324 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.1 Medium |
| LibreNMS through 21.10.2 allows XSS via a widget title. | ||||
| CVE-2021-31274 | 1 Librenms | 1 Librenms | 2024-11-21 | 5.4 Medium |
| In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed. | ||||
| CVE-2020-35700 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | ||||
| CVE-2020-15877 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High |
| An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. | ||||
| CVE-2020-15873 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 Medium |
| In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. | ||||
| CVE-2019-15230 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. | ||||
| CVE-2019-12465 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.1 High |
| An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request. | ||||
| CVE-2019-12464 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.5 High |
| An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | ||||