{"affected":[{"ecosystem_specific":{"binaries":[{"nagios":"4.4.5-lp151.5.4.1","nagios-contrib":"4.4.5-lp151.5.4.1","nagios-devel":"4.4.5-lp151.5.4.1","nagios-theme-exfoliation":"4.4.5-lp151.5.4.1","nagios-www":"4.4.5-lp151.5.4.1","nagios-www-dch":"4.4.5-lp151.5.4.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"nagios","purl":"pkg:rpm/opensuse/nagios&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.5-lp151.5.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nagios to version 4.4.5 fixes the following issues:\n\n- CVE-2019-3698: Symbolic link following vulnerability in the cronjob allows \n  local attackers to cause DoS or potentially escalate privileges. (boo#1156309)\n- CVE-2018-18245: Fixed XSS vulnerability in Alert Summary report (boo#1119832)\n- CVE-2018-13441, CVE-2018-13458, CVE-2018-13457: Fixed a few denial of service \n  vulnerabilities caused by null pointer dereference (boo#1101293, boo#1101289, boo#1101290).\n","id":"openSUSE-SU-2020:0500-1","modified":"2020-04-11T10:16:04Z","published":"2020-04-11T10:16:04Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HKTKWPRP5BSNBXHHJ3JC2CHRRZALRC26/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028975"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119832"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156309"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13441"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13457"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18245"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3698"}],"related":["CVE-2018-13441","CVE-2018-13457","CVE-2018-13458","CVE-2018-18245","CVE-2019-3698"],"summary":"Security update for nagios","upstream":["CVE-2018-13441","CVE-2018-13457","CVE-2018-13458","CVE-2018-18245","CVE-2019-3698"]}