Filtered by vendor Centreon
Subscribe
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
| CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
| CVE-2019-16405 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | |||||
| CVE-2019-16406 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | |||||
| CVE-2019-17642 | 1 Centreon | 1 Centreon | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. | |||||
| CVE-2018-21025 | 1 Centreon | 1 Centreon Vm | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | |||||
| CVE-2019-17645 | 1 Centreon | 1 Centreon | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. | |||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2019-15300 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | |||||
| CVE-2019-20327 | 1 Centreon | 1 Centreon | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.) | |||||
| CVE-2019-15299 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | |||||
| CVE-2019-17106 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | |||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | |||||
| CVE-2019-17104 | 1 Centreon | 1 Centreon Vm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | |||||
| CVE-2020-9463 | 1 Centreon | 1 Centreon | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | |||||
| CVE-2019-15298 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | |||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||
| CVE-2019-17107 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||