D0Lph1N98

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 4.4.1 and earlier **Description** The issue is related to a NULL pointer dereference vulnerability in the qh help component. This vulnerability can be exploited by an attacker to cause a local denial-of-service condition. The exploitation involves sending a crafted payload to the listening UNIX socket. **Recommendations** For Nagios Core versions 4.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 4.4.1 and earlier **Description** The issue allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket, due to a NULL pointer dereference vulnerability in qh echo. **Recommendations** For Nagios Core versions 4.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios Core versions 4.4.1 and earlier **Description** The issue allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket, due to a NULL pointer dereference vulnerability in qh core. **Recommendations** For Nagios Core versions 4.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTP version 4.2.8p11 Eltex ESR-200 (affected versions not specified) NTP (affected versions not specified) **Description** The issue is related to the implementation of the NTP protocol, which can lead to security restrictions being bypassed. An attacker could exploit this by creating many ephemeral associations to win the clock selection of ntpd and modify a victim's clock. Additionally, there is a stack-based buffer overflow in ntpq and ntpdc, allowing an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. **Recommendations** For NTP version 4.2.8p11, consider updating to a newer version that addresses the stack-based buffer overflow issue. For Eltex ESR-200, restrict access to the NTP protocol implementation to minimize the risk of exploitation due to the uncontrolled resource consumption vulnerability. For NTP, to mitigate the Sybil attack vulnerability, consider implementing restrictions on the creation of ephemeral associations to prevent an attacker from winning the clock selection of ntpd. At the moment, there is no information about a newer version that contains a fix for this vulnerability in all cases.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 5.0 **Description** The issue is related to a type confusion in the xgroupCommand function in t stream.c in redis-server, allowing remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. **Recommendations** For versions prior to 5.0, update to version 5.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: QEMU versions 2.12.50 Description: The issue is related to an integer overflow in the `qmp guest file read` function, which can cause a segmentation fault when attempting to allocate a large memory chunk. This can be exploited by sending a crafted QMP command, including `guest-file-read` with a large `count` value, to the agent via the listening socket. Recommendations: For QEMU version 2.12.50, as a temporary workaround, consider restricting access to the `qmp guest file read` function until a patch is available. Avoid using the `guest-file-read` command with large `count` values in the affected QMP command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.