10 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-18245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified checkload plugin to NRPE...
openSUSE Security Update : nagios (openSUSE-2020-500)
This update for nagios to version 4.4.5 fixes the following issues : - CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows local attackers to cause cause DoS or potentially escalate privileges. boo1156309 - CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report...
Security update for nagios (moderate)
openSUSE Security Update: Security update for nagios Announcement ID: openSUSE-SU-2020:0517-1 Rating: moderate References: 1028975 1119832 1156309 Cross-References: CVE-2018-13441 CVE-2018-13457 CVE-2018-13458 CVE-2018-18245 CVE-2019-3698 Affected Products: openSUSE Backports SLE-15-SP1 An update...
openSUSE: Security Advisory for nagios (openSUSE-SU-2020:0500-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nagios (moderate)
openSUSE Security Update: Security update for nagios Announcement ID: openSUSE-SU-2020:0500-1 Rating: moderate References: 1028975 1119832 1156309 Cross-References: CVE-2018-13441 CVE-2018-13457 CVE-2018-13458 CVE-2018-18245 CVE-2019-3698 Affected Products: openSUSE Leap 15.1 An update that fixes...
Updated nagios packages fix security vulnerability
A flaw was found in Nagios Core version 4.4.1 and earlier. The qhhelp function is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket CVE-2018-13441. A flaw was found in...
Debian: Security Advisory (DLA-1615-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1615-1 : nagios3 security update
Several issues were corrected in nagios3, a monitoring and management system for hosts, services and networks. CVE-2018-18245 Maximilian Boehner of usd AG found a cross-site scripting XSS vulnerability in Nagios Core. This vulnerability allows attackers to place malicious JavaScript code into the...
[SECURITY] [DLA 1615-1] nagios3 security update
Package : nagios3 Version : 3.5.1.dfsg-2+deb8u1 CVE ID : CVE-2013-7108 CVE-2013-7205 CVE-2014-1878 CVE-2016-9566 CVE-2018-18245 Debian Bug : 771466 823721 917138 Several issues were corrected in nagios3, a monitoring and management system for hosts, services and networks. CVE-2018-18245 Maximilia...
CVE-2018-18245
CVE-2018-18245 : Nagios Core 4.4.2 is vulnerable to a cross-site scripting (XSS) in the alert summary reports of plugin results, demonstrated by a SCRIPT element delivered via a modified check_load plugin to NRPE. The issue stems from user-facing output in the alert summary report, enabling injec...