CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13441 – Nagios Core 4.4.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-13441
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. qh_help en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que un atacante provoque una condición de denegación de servicio (DoS) local mediante el envío de una carga útil manipulada al socket UNIX en escucha. Nagios Core versions 4.4.1 and below suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45082 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8 https://knowledge.opsview.com/v5.3/docs/whats-new https://knowledge.opsview.com/v5.4/docs/whats-new • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-13458 – Nagios Core 4.4.1 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-13458
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. qh_core en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condición de denegación de servicio (DoS) local mediante el envío de una carga útil manipulada al socket UNIX en escucha. Nagios Core versions 4.4.1 and below suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45082 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e https://knowledge.opsview.com/v5.3/docs/whats-new https://knowledge.opsview.com/v5.4/docs/whats-new • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1CVE-2018-10736
https://notcve.org/view.php?id=CVE-2018-10736
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro key1 en admin/info.php. • https://www.seebug.org/vuldb/ssvid-97266 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1CVE-2018-10738
https://notcve.org/view.php?id=CVE-2018-10738
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro chbKey1 en admin/menuaccess.php. • https://www.seebug.org/vuldb/ssvid-97268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1CVE-2018-10737
https://notcve.org/view.php?id=CVE-2018-10737
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro txtSearch en admin/logbook.php. • https://www.seebug.org/vuldb/ssvid-97267 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •