Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.4 views

CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

7.1CVSS6.8AI score0.00937EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 10:15 p.m.5 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS0.01893EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 9:25 p.m.6 views

CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

5.3CVSS0.00783EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:23 p.m.2 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS7AI score0.01893EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:23 p.m.15 views

CVE-2025-34274

Nagios Log Server (pre-2024R2.0.3) contains an execution with unnecessary privileges due to embedding a Logstash process running as root. If an attacker compromises Logstash (e.g., via insecure plugins, pipeline config injection, or input parsing vulnerabilities), they could execute code with roo...

9.8CVSS7AI score0.01893EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.6 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3 that stems from the default dashboard not reliably falling back to the empty default dashboard after it...

6.5CVSS6.1AI score0.00783EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from an incorrect authorization check that could result in a non-administrative user...

7.1CVSS6.5AI score0.00937EPSS
Exploits0References3
Rows per page
Query Builder