Vulnerabilities > Nagios > Nagios > 4.3.2

DATE CVE VULNERABILITY TITLE RISK
2018-07-12 CVE-2018-13441 NULL Pointer Dereference vulnerability in Nagios
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
local
low complexity
nagios CWE-476
5.5
2017-08-23 CVE-2017-12847 Improper Initialization vulnerability in Nagios
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
local
high complexity
nagios CWE-665
6.3