Lucene search
K

312 matches found

CVE
CVE
added 2025/10/30 9:24 p.m.17 views

CVE-2025-34273

CVE-2025-34273 concerns Nagios Log Server prior to 2024R2.0.3, where an incorrect authorization check in the global dashboard deletion workflow allows non-administrator users to delete dashboards, potentially affecting other users and the monitoring UI. Affected product: Nagios Log Server; vulner...

7.1CVSS6.4AI score0.00937EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:24 p.m.16 views

CVE-2025-34273 Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

7.1CVSS0.00937EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:24 p.m.4 views

CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

8.5CVSS7AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:24 p.m.18 views

CVE-2024-58273

CVE-2024-58273 affects Nagios Log Server prior to 2024R1.0.2. The vulnerability enables local privilege escalation when an attacker can run commands as the Apache web user (or backend shell user), escalating to root on the host. Red Hat and related sources corroborate the LPE exposure in affected...

8.5CVSS7AI score0.00256EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:24 p.m.8 views

CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

8.5CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:23 p.m.16 views

CVE-2025-34274

Nagios Log Server (pre-2024R2.0.3) contains an execution with unnecessary privileges due to embedding a Logstash process running as root. If an attacker compromises Logstash (e.g., via insecure plugins, pipeline config injection, or input parsing vulnerabilities), they could execute code with roo...

9.8CVSS7AI score0.01893EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:23 p.m.6 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS0.01893EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:23 p.m.2 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS7AI score0.01893EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 9:23 p.m.6 views

CVE-2023-7322 Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7CVSS0.00972EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:23 p.m.3 views

CVE-2023-7322 Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7CVSS6.1AI score0.00972EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:23 p.m.12 views

CVE-2023-7322

Affected software: Nagios Log Server, versions prior to 2024R1. Vulnerability: incorrect authorization in API handling could allow authenticated but non-privileged users to read or modify resources via the API beyond their rights. Root cause: insufficient authorization checks on API endpoints. Im...

8.7CVSS6.1AI score0.00972EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:23 p.m.12 views

CVE-2016-15049 Nagios Log Server < 1.4.2 Dashboards Logs Table XSS

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.1CVSS0.00466EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:23 p.m.12 views

CVE-2016-15049

Nagios Log Server is affected by an XSS vulnerability in the Dashboards section, specifically when rendering log entries in the Logs table. Affected products are Nagios Log Server versions prior to 1.4.2; untrusted log content was not safely encoded for the output context, allowing attacker-contr...

5.4CVSS5.6AI score0.00466EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 9:23 p.m.4 views

CVE-2016-15049 Nagios Log Server < 1.4.2 Dashboards Logs Table XSS

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.1CVSS5.6AI score0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:22 p.m.9 views

CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

8.7CVSS0.00678EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:22 p.m.18 views

CVE-2025-34271

Nagios Log Server (prior to 2024R2.0.2) suffers a cluster manager credential leakage vulnerability: credentials requested from peer nodes over an unencrypted channel, even with SSL/TLS enabled. This allows an on-path attacker to intercept credentials in transit and potentially authenticate as a c...

9.8CVSS6.4AI score0.00678EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 9:22 p.m.5 views

CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

8.7CVSS6.4AI score0.00678EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:22 p.m.5 views

CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...

6.9CVSS6.4AI score0.00571EPSS
Exploits0References4
CVE
CVE
added 2025/10/30 9:22 p.m.14 views

CVE-2025-34270

CVE-2025-34270 affects Nagios Log Server versions prior to 2024R2.0.2, where the AD/LDAP user import path does not obfuscate the password field. The result is potential exposure of plaintext passwords for imported accounts in the user interface, logs, or other diagnostic output. The Red Hat and E...

6.9CVSS6.4AI score0.00571EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:22 p.m.8 views

CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...

6.9CVSS0.00571EPSS
Exploits0References4
Rows per page
Query Builder