Lucene search
+L

440 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.8 views

CVE-2021-22138

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in...

4.3CVSS6.7AI score0.00459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.10 views

CVE-2022-31520

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01242EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:37 a.m.11 views

CVE-2019-7620

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...

7.5CVSS6.7AI score0.0208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.9 views

CVE-2019-7612

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...

9.8CVSS6.5AI score0.02407EPSS
Exploits0References1
Wolfi
Wolfi
added 2025/12/17 7:48 p.m.7 views

CVE-2025-67735 vulnerabilities

Vulnerabilities for packages: flyway, wavefront-proxy, logstash, zipkin, apicurio-registry, celeborn, keycloak, wildfly, akhq, logstash-input-http, spark, sonarqube, kserve-modelmesh, infinispan, apache-pulsar, management-api-for-apache-cassandra-5.0, trino, docker-selenium, druid,...

6.5CVSS6AI score0.00298EPSS
Exploits1
Wolfi
Wolfi
added 2025/12/17 7:48 p.m.4 views

GHSA-84H7-RJJ3-6JX4 vulnerabilities

Vulnerabilities for packages: flyway, wavefront-proxy, logstash, zipkin, apicurio-registry, celeborn, keycloak, wildfly, akhq, logstash-input-http, spark, sonarqube, kserve-modelmesh, infinispan, apache-pulsar, management-api-for-apache-cassandra-5.0, trino, docker-selenium, druid,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2025/12/17 7:17 p.m.7 views

GHSA-84H7-RJJ3-6JX4 vulnerabilities

Vulnerabilities for packages: logstash-input-http, tez, elasticsearch-fips, flyway, spark-fips, wildfly, keycloak-fips, apache-nifi, localstack, knative-kafka-broker, apache-activemq-artemis, grpc-java-fips, trino, apache-hop-fips, management-api-for-apache-cassandra-4.1, kafka-bridge, apache-hop...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2025/12/17 7:17 p.m.14 views

CVE-2025-67735 vulnerabilities

Vulnerabilities for packages: logstash-input-http, tez, elasticsearch-fips, flyway, spark-fips, wildfly, keycloak-fips, apache-nifi, localstack, knative-kafka-broker, apache-activemq-artemis, grpc-java-fips, trino, apache-hop-fips, management-api-for-apache-cassandra-4.1, kafka-bridge, apache-hop...

6.5CVSS6AI score0.00298EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS7.3AI score0.01893EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2025-37221

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS6.9AI score0.01893EPSS
Exploits0References4
OSV
OSV
added 2025/10/30 10:15 p.m.6 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS6AI score0.01893EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.8CVSS0.01893EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:23 p.m.16 views

CVE-2025-34274

Nagios Log Server (pre-2024R2.0.3) contains an execution with unnecessary privileges due to embedding a Logstash process running as root. If an attacker compromises Logstash (e.g., via insecure plugins, pipeline config injection, or input parsing vulnerabilities), they could execute code with roo...

9.8CVSS7AI score0.01893EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:23 p.m.11 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS0.01893EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:23 p.m.2 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

9.3CVSS7AI score0.01893EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.6 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from the embedded Logstash process running as root user, which could lead to an attacker...

9.8CVSS6.7AI score0.01893EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.7 views

PT-2025-44517

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R2.0.3 Description The software runs its embedded Logstash process as the root user, leading to a situation where an attacker compromising the Logstash process could execute code with root privileges,...

9.8CVSS7.1AI score0.01893EPSS
Exploits0References7
Wolfi
Wolfi
added 2025/10/15 8:42 p.m.4 views

GHSA-MR3Q-G2MV-MR4Q vulnerabilities

Vulnerabilities for packages: logstash...

7AI score
Exploits0
Wolfi
Wolfi
added 2025/10/15 8:42 p.m.22 views

CVE-2025-61921 vulnerabilities

Vulnerabilities for packages: logstash...

7.5CVSS7AI score0.00458EPSS
Exploits1
Chainguard
Chainguard
added 2025/10/15 8:17 p.m.24 views

CVE-2025-61921 vulnerabilities

Vulnerabilities for packages: logstash, gitlab-cng...

7.5CVSS7.2AI score0.00458EPSS
Exploits1
Rows per page
Query Builder