Lucene search
K

312 matches found

EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2025-37217

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.7CVSS6.5AI score0.00643EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2025-37221

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS6.9AI score0.01893EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.8 views

EUVD-2025-37220

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

7.1CVSS6.3AI score0.00937EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.7 views

EUVD-2025-37222

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

8.7CVSS6.2AI score0.00678EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2025-37219

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

5.3CVSS6.1AI score0.00783EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2025-37223

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...

6.9CVSS6.3AI score0.00571EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2025-37218

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.4CVSS7.8AI score0.01965EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2024-55060

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

8.5CVSS6.9AI score0.00256EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2024-55059

Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected...

5.1CVSS5.2AI score0.00129EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2020-30817

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.1CVSS5.8AI score0.00466EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2016-10798

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.1CVSS5.5AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8CVSS5.8AI score0.00643EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8CVSS0.00643EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS0.01893EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS0.01965EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS6AI score0.01893EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS6.3AI score0.01965EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

9.8CVSS0.00678EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.9 views

CVE-2025-34272

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

6.5CVSS5.8AI score0.00783EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.8 views

CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

6.5CVSS5.8AI score0.00937EPSS
Exploits0References3
Rows per page
Query Builder