Latest librenms librenms Vulnerabilities

Rate limiting bypass on login page in LibreNMS
composer/librenms/librenms<23.11.0
Librenms Librenms<23.11.0
Broken Access control on Graphs Feature in LibreNMS
composer/librenms/librenms<23.11.0
Librenms Librenms<23.11.0
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
composer/librenms/librenms<23.10.0
Librenms Librenms<=23.9.1
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Librenms Librenms<23.9.1
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Librenms Librenms<23.9.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
composer/librenms/librenms<23.9.0
Librenms Librenms<23.9.0
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
composer/librenms/librenms<23.9.0
Librenms Librenms<23.9.0
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
Librenms Librenms<23.9.0
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Librenms Librenms<23.9.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
composer/librenms/librenms<23.9.0
Librenms Librenms<23.9.0
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
Librenms Librenms<23.8.0
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Librenms Librenms<22.10.0
Librenms Librenms<22.9.0
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
Librenms Librenms=22.6.0
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.
Librenms Librenms=22.6.0
composer/librenms/librenms<22.7.0
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
Librenms Librenms=22.3.0
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Librenms Librenms=22.3.0
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.
Librenms Librenms<22.2.2
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
Librenms Librenms<22.1.0
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
Librenms Librenms<22.2.0
composer/librenms/librenms<22.2.0
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
Librenms Librenms<22.2.0
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
Librenms Librenms<22.2.0
composer/librenms/librenms<22.2.0
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
Librenms Librenms<22.2.0
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
Librenms Librenms<22.2.0
LibreNMS 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
Librenms Librenms=21.11.0
LibreNMS 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
Librenms Librenms=21.11.0
LibreNMS 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
composer/librenms/librenms<=21.11.0
Librenms Librenms=21.11.0
LibreNMS through 21.10.2 allows XSS via a widget title.
composer/librenms/librenms<=21.10.2
Librenms Librenms<=21.10.2
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can ge...
Librenms Librenms<21.3.0
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL c...
Librenms Librenms<21.1.0
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
Librenms Librenms<1.65.1
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
Librenms Librenms<1.65.1
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these data...
Librenms Librenms<=1.47
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user s...
Librenms Librenms<=1.47
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of ...
Librenms Librenms<1.53
Librenms Librenms=1.50.1
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encod...
Librenms Librenms>=1.50.1<1.53
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths.
Librenms Librenms<=1.47
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli...
Librenms Librenms<=1.47
An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose informat...
Librenms Librenms<=1.47
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validat...
composer/librenms/librenms<=1.47
Librenms Librenms<=1.47
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling bas...
Librenms Librenms<=1.47
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing an...
Librenms Librenms=1.54
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax...
Librenms Librenms=1.46

© 2024 SecAlerts Pty Ltd.