9 matches found
CVE-2025-34323
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
EUVD-2025-197844
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account is granted passwordless sudo access to certain maintenance scripts while also being a member of a group that...
CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
PT-2025-47192
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to Execution with Unnecessary Privileges, CVE-2025-36137.
Summary IBM Sterling Control Center can apply maintenance to and upgrade IBM Sterling Connect:Direct for UNIX. The Control Center administrator has the option of running pre and post update scripts. Those scripts are run as root; they should be run as the standard user account under which...
java-21-openjdk security update
1:21.0.3.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.3.0.9-1 - Update to jdk-21.0.3+9 GA - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Resolves:...
SOS JobScheduler 1.13.3 CVE-2020-12712 Stored Password Decryption
SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt. Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com...
CVE-2017-14380
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin compadmin account user could exploit a vulnerability in isigetitrace or isigetprofile maintenance scripts to run any shell script as system root on a cluster in...