Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-13458 (GCVE-0-2018-13458)
Vulnerability from cvelistv5
Published
2018-07-12 18:00
Modified
2024-08-05 09:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T20:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13458",
"datePublished": "2018-07-12T18:00:00",
"dateReserved": "2018-07-08T00:00:00",
"dateUpdated": "2024-08-05T09:00:35.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-13458\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-12T18:29:00.497\",\"lastModified\":\"2024-11-21T03:47:07.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.\"},{\"lang\":\"es\",\"value\":\"qh_core en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.4.1\",\"matchCriteriaId\":\"CD7E3DC4-8B91-4477-9CDF-5B102F7979E5\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://knowledge.opsview.com/v5.3/docs/whats-new\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://knowledge.opsview.com/v5.4/docs/whats-new\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45082/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://knowledge.opsview.com/v5.3/docs/whats-new\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://knowledge.opsview.com/v5.4/docs/whats-new\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45082/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
opensuse-su-2020:0517-1
Vulnerability from csaf_opensuse
Published
2020-04-14 16:11
Modified
2020-04-14 16:11
Summary
Security update for nagios
Notes
Title of the patch
Security update for nagios
Description of the patch
This update for nagios to version 4.4.5 fixes the following issues:
- CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows
local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309)
- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832)
- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service
vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290).
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2020-517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nagios",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nagios to version 4.4.5 fixes the following issues:\n\n- CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows \n local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309)\n- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832)\n- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service \n vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-517",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0517-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0517-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G5J75GK25DTTK4SXS4VCSBZ3KBQ2JPAU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0517-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G5J75GK25DTTK4SXS4VCSBZ3KBQ2JPAU/"
},
{
"category": "self",
"summary": "SUSE Bug 1028975",
"url": "https://bugzilla.suse.com/1028975"
},
{
"category": "self",
"summary": "SUSE Bug 1119832",
"url": "https://bugzilla.suse.com/1119832"
},
{
"category": "self",
"summary": "SUSE Bug 1156309",
"url": "https://bugzilla.suse.com/1156309"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13441 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13457 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13458 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18245 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3698/"
}
],
"title": "Security update for nagios",
"tracking": {
"current_release_date": "2020-04-14T16:11:03Z",
"generator": {
"date": "2020-04-14T16:11:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0517-1",
"initial_release_date": "2020-04-14T16:11:03Z",
"revision_history": [
{
"date": "2020-04-14T16:11:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nagios-4.4.5-bp151.4.3.1.aarch64",
"product": {
"name": "nagios-4.4.5-bp151.4.3.1.aarch64",
"product_id": "nagios-4.4.5-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"product": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"product_id": "nagios-contrib-4.4.5-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"product": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"product_id": "nagios-devel-4.4.5-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nagios-www-4.4.5-bp151.4.3.1.aarch64",
"product": {
"name": "nagios-www-4.4.5-bp151.4.3.1.aarch64",
"product_id": "nagios-www-4.4.5-bp151.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"product": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"product_id": "nagios-www-dch-4.4.5-bp151.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"product": {
"name": "nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"product_id": "nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nagios-4.4.5-bp151.4.3.1.ppc64le",
"product": {
"name": "nagios-4.4.5-bp151.4.3.1.ppc64le",
"product_id": "nagios-4.4.5-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"product": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"product_id": "nagios-contrib-4.4.5-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"product": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"product_id": "nagios-devel-4.4.5-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"product": {
"name": "nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"product_id": "nagios-www-4.4.5-bp151.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"product": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"product_id": "nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nagios-4.4.5-bp151.4.3.1.s390x",
"product": {
"name": "nagios-4.4.5-bp151.4.3.1.s390x",
"product_id": "nagios-4.4.5-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"product": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"product_id": "nagios-contrib-4.4.5-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nagios-devel-4.4.5-bp151.4.3.1.s390x",
"product": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.s390x",
"product_id": "nagios-devel-4.4.5-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nagios-www-4.4.5-bp151.4.3.1.s390x",
"product": {
"name": "nagios-www-4.4.5-bp151.4.3.1.s390x",
"product_id": "nagios-www-4.4.5-bp151.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"product": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"product_id": "nagios-www-dch-4.4.5-bp151.4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nagios-4.4.5-bp151.4.3.1.x86_64",
"product": {
"name": "nagios-4.4.5-bp151.4.3.1.x86_64",
"product_id": "nagios-4.4.5-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"product": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"product_id": "nagios-contrib-4.4.5-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"product": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"product_id": "nagios-devel-4.4.5-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-www-4.4.5-bp151.4.3.1.x86_64",
"product": {
"name": "nagios-www-4.4.5-bp151.4.3.1.x86_64",
"product_id": "nagios-www-4.4.5-bp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.x86_64",
"product": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.x86_64",
"product_id": "nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-4.4.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64"
},
"product_reference": "nagios-4.4.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-4.4.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le"
},
"product_reference": "nagios-4.4.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-4.4.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x"
},
"product_reference": "nagios-4.4.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-4.4.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64"
},
"product_reference": "nagios-4.4.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64"
},
"product_reference": "nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le"
},
"product_reference": "nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x"
},
"product_reference": "nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-contrib-4.4.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64"
},
"product_reference": "nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64"
},
"product_reference": "nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le"
},
"product_reference": "nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x"
},
"product_reference": "nagios-devel-4.4.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-4.4.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64"
},
"product_reference": "nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch"
},
"product_reference": "nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-4.4.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64"
},
"product_reference": "nagios-www-4.4.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-4.4.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le"
},
"product_reference": "nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-4.4.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x"
},
"product_reference": "nagios-www-4.4.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-4.4.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64"
},
"product_reference": "nagios-www-4.4.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64"
},
"product_reference": "nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le"
},
"product_reference": "nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.s390x as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x"
},
"product_reference": "nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-dch-4.4.5-bp151.4.3.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
},
"product_reference": "nagios-www-dch-4.4.5-bp151.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13441"
}
],
"notes": [
{
"category": "general",
"text": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13441",
"url": "https://www.suse.com/security/cve/CVE-2018-13441"
},
{
"category": "external",
"summary": "SUSE Bug 1101293 for CVE-2018-13441",
"url": "https://bugzilla.suse.com/1101293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-14T16:11:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-13441"
},
{
"cve": "CVE-2018-13457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13457"
}
],
"notes": [
{
"category": "general",
"text": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13457",
"url": "https://www.suse.com/security/cve/CVE-2018-13457"
},
{
"category": "external",
"summary": "SUSE Bug 1101290 for CVE-2018-13457",
"url": "https://bugzilla.suse.com/1101290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-14T16:11:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-13457"
},
{
"cve": "CVE-2018-13458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13458"
}
],
"notes": [
{
"category": "general",
"text": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13458",
"url": "https://www.suse.com/security/cve/CVE-2018-13458"
},
{
"category": "external",
"summary": "SUSE Bug 1101289 for CVE-2018-13458",
"url": "https://bugzilla.suse.com/1101289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-14T16:11:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-13458"
},
{
"cve": "CVE-2018-18245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18245"
}
],
"notes": [
{
"category": "general",
"text": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18245",
"url": "https://www.suse.com/security/cve/CVE-2018-18245"
},
{
"category": "external",
"summary": "SUSE Bug 1119832 for CVE-2018-18245",
"url": "https://bugzilla.suse.com/1119832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-14T16:11:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-18245"
},
{
"cve": "CVE-2019-3698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3698"
}
],
"notes": [
{
"category": "general",
"text": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3698",
"url": "https://www.suse.com/security/cve/CVE-2019-3698"
},
{
"category": "external",
"summary": "SUSE Bug 1150550 for CVE-2019-3698",
"url": "https://bugzilla.suse.com/1150550"
},
{
"category": "external",
"summary": "SUSE Bug 1156309 for CVE-2019-3698",
"url": "https://bugzilla.suse.com/1156309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-contrib-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-devel-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-theme-exfoliation-4.4.5-bp151.4.3.1.noarch",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-4.4.5-bp151.4.3.1.x86_64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.aarch64",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.ppc64le",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.s390x",
"SUSE Package Hub 15 SP1:nagios-www-dch-4.4.5-bp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-14T16:11:03Z",
"details": "moderate"
}
],
"title": "CVE-2019-3698"
}
]
}
opensuse-su-2020:0500-1
Vulnerability from csaf_opensuse
Published
2020-04-11 10:16
Modified
2020-04-11 10:16
Summary
Security update for nagios
Notes
Title of the patch
Security update for nagios
Description of the patch
This update for nagios to version 4.4.5 fixes the following issues:
- CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows
local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309)
- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832)
- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service
vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290).
Patchnames
openSUSE-2020-500
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nagios",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nagios to version 4.4.5 fixes the following issues:\n\n- CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows \n local attackers to cause cause DoS or potentially escalate privileges. (boo#1156309)\n- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832)\n- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service \n vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-500",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0500-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0500-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HKTKWPRP5BSNBXHHJ3JC2CHRRZALRC26/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0500-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HKTKWPRP5BSNBXHHJ3JC2CHRRZALRC26/"
},
{
"category": "self",
"summary": "SUSE Bug 1028975",
"url": "https://bugzilla.suse.com/1028975"
},
{
"category": "self",
"summary": "SUSE Bug 1119832",
"url": "https://bugzilla.suse.com/1119832"
},
{
"category": "self",
"summary": "SUSE Bug 1156309",
"url": "https://bugzilla.suse.com/1156309"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13441 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13457 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13458 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13458/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18245 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3698 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3698/"
}
],
"title": "Security update for nagios",
"tracking": {
"current_release_date": "2020-04-11T10:16:04Z",
"generator": {
"date": "2020-04-11T10:16:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0500-1",
"initial_release_date": "2020-04-11T10:16:04Z",
"revision_history": [
{
"date": "2020-04-11T10:16:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"product": {
"name": "nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"product_id": "nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nagios-4.4.5-lp151.5.4.1.x86_64",
"product": {
"name": "nagios-4.4.5-lp151.5.4.1.x86_64",
"product_id": "nagios-4.4.5-lp151.5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"product": {
"name": "nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"product_id": "nagios-contrib-4.4.5-lp151.5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"product": {
"name": "nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"product_id": "nagios-devel-4.4.5-lp151.5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-www-4.4.5-lp151.5.4.1.x86_64",
"product": {
"name": "nagios-www-4.4.5-lp151.5.4.1.x86_64",
"product_id": "nagios-www-4.4.5-lp151.5.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "nagios-www-dch-4.4.5-lp151.5.4.1.x86_64",
"product": {
"name": "nagios-www-dch-4.4.5-lp151.5.4.1.x86_64",
"product_id": "nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-4.4.5-lp151.5.4.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64"
},
"product_reference": "nagios-4.4.5-lp151.5.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-contrib-4.4.5-lp151.5.4.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64"
},
"product_reference": "nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-devel-4.4.5-lp151.5.4.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64"
},
"product_reference": "nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch"
},
"product_reference": "nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-4.4.5-lp151.5.4.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64"
},
"product_reference": "nagios-www-4.4.5-lp151.5.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nagios-www-dch-4.4.5-lp151.5.4.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
},
"product_reference": "nagios-www-dch-4.4.5-lp151.5.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13441"
}
],
"notes": [
{
"category": "general",
"text": "qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13441",
"url": "https://www.suse.com/security/cve/CVE-2018-13441"
},
{
"category": "external",
"summary": "SUSE Bug 1101293 for CVE-2018-13441",
"url": "https://bugzilla.suse.com/1101293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-11T10:16:04Z",
"details": "moderate"
}
],
"title": "CVE-2018-13441"
},
{
"cve": "CVE-2018-13457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13457"
}
],
"notes": [
{
"category": "general",
"text": "qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13457",
"url": "https://www.suse.com/security/cve/CVE-2018-13457"
},
{
"category": "external",
"summary": "SUSE Bug 1101290 for CVE-2018-13457",
"url": "https://bugzilla.suse.com/1101290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-11T10:16:04Z",
"details": "moderate"
}
],
"title": "CVE-2018-13457"
},
{
"cve": "CVE-2018-13458",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13458"
}
],
"notes": [
{
"category": "general",
"text": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13458",
"url": "https://www.suse.com/security/cve/CVE-2018-13458"
},
{
"category": "external",
"summary": "SUSE Bug 1101289 for CVE-2018-13458",
"url": "https://bugzilla.suse.com/1101289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-11T10:16:04Z",
"details": "moderate"
}
],
"title": "CVE-2018-13458"
},
{
"cve": "CVE-2018-18245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18245"
}
],
"notes": [
{
"category": "general",
"text": "Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18245",
"url": "https://www.suse.com/security/cve/CVE-2018-18245"
},
{
"category": "external",
"summary": "SUSE Bug 1119832 for CVE-2018-18245",
"url": "https://bugzilla.suse.com/1119832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-11T10:16:04Z",
"details": "moderate"
}
],
"title": "CVE-2018-18245"
},
{
"cve": "CVE-2019-3698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3698"
}
],
"notes": [
{
"category": "general",
"text": "UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3698",
"url": "https://www.suse.com/security/cve/CVE-2019-3698"
},
{
"category": "external",
"summary": "SUSE Bug 1150550 for CVE-2019-3698",
"url": "https://bugzilla.suse.com/1150550"
},
{
"category": "external",
"summary": "SUSE Bug 1156309 for CVE-2019-3698",
"url": "https://bugzilla.suse.com/1156309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:nagios-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-contrib-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-devel-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-theme-exfoliation-4.4.5-lp151.5.4.1.noarch",
"openSUSE Leap 15.1:nagios-www-4.4.5-lp151.5.4.1.x86_64",
"openSUSE Leap 15.1:nagios-www-dch-4.4.5-lp151.5.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-11T10:16:04Z",
"details": "moderate"
}
],
"title": "CVE-2019-3698"
}
]
}
gsd-2018-13458
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-13458",
"description": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"id": "GSD-2018-13458",
"references": [
"https://www.suse.com/security/cve/CVE-2018-13458.html",
"https://advisories.mageia.org/CVE-2018-13458.html",
"https://packetstormsecurity.com/files/cve/CVE-2018-13458"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-13458"
],
"details": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"id": "GSD-2018-13458",
"modified": "2023-12-13T01:22:26.761436Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13458"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"name": "45082",
"refsource": "EXPLOIT-DB",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"name": "openSUSE-SU-2020:0500",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"name": "openSUSE-SU-2020:0517",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-04-11T18:15Z",
"publishedDate": "2018-07-12T18:29Z"
}
}
}
cnvd-2018-17504
Vulnerability from cnvd
Title: Nagios Core空指针解引用漏洞
Description:
Nagios Core是一款开源系统和网络监控应用程序。
Nagios Core 4.4.1及更早版本中的qh_core存在空指针解引用漏洞。攻击者可通过向侦听UNIX套接字发送特制payload利用该漏洞导致拒绝服务。
Severity: 中
Formal description:
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.nagios.org/downloads/nagios-core
Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13458
Impacted products
| Name | Nagios Nagios Core <=4.4.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-13458"
}
},
"description": "Nagios Core\u662f\u4e00\u6b3e\u5f00\u6e90\u7cfb\u7edf\u548c\u7f51\u7edc\u76d1\u63a7\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nNagios Core 4.4.1\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684qh_core\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u4fa6\u542cUNIX\u5957\u63a5\u5b57\u53d1\u9001\u7279\u5236payload\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Fakhri Zulkifli",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.nagios.org/downloads/nagios-core",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-17504",
"openTime": "2018-09-05",
"products": {
"product": "Nagios Nagios Core \u003c=4.4.1"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-13458",
"serverity": "\u4e2d",
"submitTime": "2018-07-13",
"title": "Nagios Core\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e"
}
ghsa-9fx5-wc5q-367p
Vulnerability from github
Published
2022-05-13 01:27
Modified
2022-05-13 01:27
Severity ?
VLAI Severity ?
Details
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
{
"affected": [],
"aliases": [
"CVE-2018-13458"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-12T18:29:00Z",
"severity": "MODERATE"
},
"details": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.",
"id": "GHSA-9fx5-wc5q-367p",
"modified": "2022-05-13T01:27:25Z",
"published": "2022-05-13T01:27:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13458"
},
{
"type": "WEB",
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"type": "WEB",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"type": "WEB",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45082"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2018-13458
Vulnerability from fkie_nvd
Published
2018-07-12 18:29
Modified
2024-11-21 03:47
Severity ?
Summary
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | nagios_core | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7E3DC4-8B91-4477-9CDF-5B102F7979E5",
"versionEndIncluding": "4.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket."
},
{
"lang": "es",
"value": "qh_core en Nagios Core en versiones 4.4.1 y anteriores es propenso a una vulnerabilidad de desreferencia de puntero NULL que permite que atacantes provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) local mediante el env\u00edo de una carga \u00fatil manipulada al socket UNIX en escucha."
}
],
"id": "CVE-2018-13458",
"lastModified": "2024-11-21T03:47:07.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-12T18:29:00.497",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45082/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…