
44 matches found

NVD
added 2026/03/30 6:16 p.m. · 5 views

CVE-2026-33029

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enter...

CVSS 6.9 · EPSS 0.0008
Exploits 1 · References 2

Positive Technologies
added 2026/03/30 12:0 a.m. · 3 views

PT-2026-29090

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4 Description: An input validation issue in the logrotate configuration allows an authenticated user to cause a Denial of Service (DoS). Submitting a negative integer for the rotation interval causes the backend to...

CVSS 6.9 · AI score 5.8 · EPSS 0.23896
Exploits 17 · References 46

CNNVD
added 2026/03/30 12:0 a.m. · 5 views

Nginx UI Input Validation Error Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a vulnerability related to input validation. This vulnerability stemmed from issues with input validation in the logrotate configuration. It allowed authenticated users to cause the web interfa...

CVSS 6.9 · AI score 5.8 · EPSS 0.0008
Exploits 1 · References 3

Tenable Nessus
added 2025/10/28 12:0 a.m. · 1 view

SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server (SUSE-SU-2025:3809-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3809-1 advisory. - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests (bsc#1245105) - fixed a bad logrotate configuration...

CVSS 6.7 · AI score 5.5 · EPSS 0.00062
Exploits 1 · References 5

SUSE CVE
added 2025/10/17 11:22 p.m. · 1 view

SUSE CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 6 · AI score 6.8 · EPSS 0.00027
Exploits 0 · References 3

RedhatCVE
added 2025/10/17 5:39 p.m. · 4 views

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 4.4 · AI score 6.8 · EPSS 0.00027
Exploits 0 · References 1

NVD
added 2025/10/16 6:15 p.m. · 3 views

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

CVSS 4.4 · EPSS 0.00027
Exploits 0 · References 4

CVE
added 2025/10/16 5:20 p.m. · 18 views

CVE-2025-61909

CVE-2025-61909 affects Icinga 2: from 2.10.0 up to but not including 2.15.1, and also affected 2.14.7 and 2.13.13, the safe-reload script (used during icinga2 reload) and the logrotate config read the main Icinga 2 process PID from a PID file writable by the daemon user, but send signals as root....

CVSS 4.4 · AI score 6.4 · EPSS 0.00027
Exploits 0 · References 4 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-2181

Malware in sbrugna...

CVSS 7 · AI score 6.7 · EPSS 0.00074
Exploits 3 · References 14

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-22438

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 6.4 · EPSS 0.0008
Exploits 0 · References 1

Tenable Nessus
added 2025/09/17 12:0 a.m. · 2 views

SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server313 (SUSE-SU-2025:03234-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03234-1 advisory. - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105) - Fixed bad logrotate configuration...

CVSS 6.7 · AI score 5.5 · EPSS 0.00062
Exploits 1 · References 5

OSV
added 2025/09/15 1:23 p.m. · 1 view

SUSE-SU-2025:03234-1 Security update for rabbitmq-server313

This update for rabbitmq-server313 fixes the following issues: - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105) - Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root (bsc#1246091)...

CVSS 6.7 · AI score 5.8 · EPSS 0.00062
Exploits 1 · References 4

Vulnrichment
added 2025/07/23 9:31 a.m. · 4 views

CVE-2025-53882 The logrotate configuration in the python-mailman of openSUSE allows the mailman user to send SIGHUP to arbitrary processes

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to send SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1...

CVSS 4.8 · AI score 6.2 · EPSS 0.0008
Exploits 0 · References 1

CVE
added 2025/07/23 9:31 a.m. · 14 views

CVE-2025-53882

CVE-2025-53882 affects openSUSE Tumbleweed due to a vulnerability in the logrotate configuration used by mailman3. The issue arises from reliance on untrusted inputs in a security decision, enabling the mailman user to send SIGHUP to arbitrary processes. Affected version range is openSUSE Tumblew...

CVSS 4.8 · AI score 6.2 · EPSS 0.0008
Exploits 0 · References 1

CNNVD
added 2025/07/23 12:0 a.m. · 1 view

openSUSE Tumbleweed Security Vulnerability

openSUSE Tumbleweed is a desktop and server operating system from openSUSE Germany. A security vulnerability exists in openSUSE Tumbleweed versions prior to 3.3.10-2.1, which stems from a logrotate configuration dependency on untrustworthy input that could lead to elevation of privilege...

CVSS 4.8 · AI score 6.4 · EPSS 0.0008
Exploits 0 · References 2

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-30553 · Mailman 3 · Mailman 3

Name of the Vulnerable Software and Affected Versions: mailman3 versions prior to 3.3.10-2.1 Description: A reliance on untrusted inputs in a security decision within the logrotate configuration allows for potential escalation from mailman to root. Recommendations: Update mailman3 to version...

CVSS 4.8 · AI score 6.6 · EPSS 0.0008
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 10:32 a.m. · 7 views

CVE-2024-49368

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...

CVSS 9.8 · AI score 7.2 · EPSS 0.52244
Exploits 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-10143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the...

CVSS 7 · AI score 6.7 · EPSS 0.00074
Exploits 3 · References 3

BDU FSTEC
added 2024/10/29 12:0 a.m. · 1 view

The vulnerability of the logrotate configuration in the Nginx UI server’s user interface allows a hacker to execute arbitrary commands.

The vulnerability of the logrotate configuration in the Nginx UI server’s web interface is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands...

CVSS 10 · AI score 5.8 · EPSS 0.52244
Exploits 1 · References 5 · Affected Software 1

Veracode
added 2024/10/28 4:37 a.m. · 11 views

Improper Input Validation

Nginx UI is vulnerable to Improper Input Validation. The vulnerability is due to improper input validation when configuring logrotate, where unverified input is directly passed to exec.Command, allowing arbitrary command execution...

CVSS 9.8 · AI score 7 · EPSS 0.52244
Exploits 1 · References 3 · Affected Software 1