Permissions missuses in Nagios XI 5.7.4

Overview :
Permissions missuses in Nagios
Affected Product(s) :
  • Nagios XI 5.7.4
Vulnerability Details :
CVE ID : CVE-2020-5796
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

Solution :

Upgrade to Nagios XI 5.7.5 or newer.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2021-4234 : OPENVPN ACCESS SERVER UP TO 2.10 AMPLIFICATION

CVE-2021-4234 : OPENVPN ACCESS SERVER UP TO 2.10 AMPLIFICATION

Description OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset

CVE-2022-31856 : NEWSLETTER MODULE ON OPENCART /INDEX.PHP ZEMEZ_NEWSLETTER_EMAIL SQL INJECTION

CVE-2022-31856 : NEWSLETTER MODULE ON OPENCART /INDEX.PHP ZEMEZ_NEWSLETTER_EMAIL SQL INJECTION

Description Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. References https://www.exploit-db.com/exploits/50942

CVE-2022-34918 : LINUX KERNEL UP TO 5.18.9 USER NAMESPACE NF_TABLES_API.C NFT_SET_ELEM_INIT TYPE CONFUSION

CVE-2022-34918 : LINUX KERNEL UP TO 5.18.9 USER NAMESPACE NF_TABLES_API.C NFT_SET_ELEM_INIT TYPE CONFUSION

Description An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a