Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Librenms Subscribe
Filtered by product Librenms
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20434 1 Librenms 1 Librenms 2019-06-04 10.0 HIGH 9.8 CRITICAL
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVE-2018-20678 1 Librenms 1 Librenms 2019-03-28 6.5 MEDIUM 8.8 HIGH
LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
CVE-2018-18478 1 Librenms 1 Librenms 2018-12-04 4.3 MEDIUM 6.1 MEDIUM
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.