CVSS: 6.1EPSS: 21%CPEs: 1EXPL: 1CVE-2018-15712
https://notcve.org/view.php?id=CVE-2018-15712
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. Nagios XI 5.5.6 permite Cross-Site Scripting (XSS) reflejado de atacantes remotos no autenticados mediante el parámetro host en api_tool.php. • https://www.tenable.com/security/research/tra-2018-37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 27%CPEs: 1EXPL: 1CVE-2018-15711
https://notcve.org/view.php?id=CVE-2018-15711
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. Nagios XI 5.5.6 permite que atacantes autenticados remotos restablezcan y regeneren la clave API de usuarios más privilegiados. El atacante puede emplear la nueva clave API para ejecutar llamadas API con privilegios elevados. • https://www.tenable.com/security/research/tra-2018-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 1CVE-2018-15709
https://notcve.org/view.php?id=CVE-2018-15709
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. Nagios XI 5.5.6 permite que atacantes remotos autenticados ejecuten comandos arbitrarios mediante una petición HTTP manipulada. • https://www.tenable.com/security/research/tra-2018-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 21%CPEs: 1EXPL: 1CVE-2018-15714
https://notcve.org/view.php?id=CVE-2018-15714
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. Nagios XI 5.5.6 permite Cross-Site Scripting (XSS) reflejado de atacantes remotos no autenticados mediante los parámetros oname y oname2. • https://www.tenable.com/security/research/tra-2018-37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13457 – Nagios Core 4.4.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-13457
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. qh_echo en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condición de denegación de servicio (DoS) local mediante el envío de una carga útil manipulada al socket UNIX en escucha. Nagios Core versions 4.4.1 and below suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45082 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab https://knowledge.opsview.com/v5.3/docs/whats-new https://knowledge.opsview.com/v5.4/docs/whats-new • CWE-476: NULL Pointer Dereference •