Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2026R1.0.1, which stems from an insecure interaction between sudo rules and filesystem permissions, which could le...

PT-2025-47192

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...

FreeBSD : sudo-rs -- Authenticating user not recorded properly in timestamp (bf6c9252-c2ec-11f0-8372-98b78501ef2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bf6c9252-c2ec-11f0-8372-98b78501ef2a advisory. Trifecta Tech Foundation reports: With Defaults targetpw or Defaults rootpw enabled, the password of th...

sudo-rs doesn't record authenticating user properly in timestamp

Summary When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

GHSA-Q428-6V73-FC4Q sudo-rs doesn't record authenticating user properly in timestamp

Summary When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

EUVD-2025-150364

sudo-rs doesn't record authenticating user properly in timestamp...

CVE-2025-64517

A flaw was found in sudo-rs. This vulnerability allows authentication bypass via incorrect recording of the authenticating user in the timestamp...

EUVD-2025-180321

Malicious code in array-eta-sudo-new-cron npm...

EUVD-2025-176695

Malicious code in report-epsilon-socket-beta-sudo npm...

EUVD-2025-179278

Malicious code in dog-water-double-sudo-export npm...

EUVD-2025-179157

Malicious code in emulate-sudo-query-balance-air npm...

EUVD-2025-180123

Malicious code in bash-serialize-decode-grid-sudo npm...

MAL-2025-187468 Malicious code in info-byte-simulate-cat-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0027d2338d6014bc490d64b292626df8d2de44402c81596a7920b4d4fc8d485b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175985

Malicious code in test-sudo-notify-meta-orchestrate npm...

EUVD-2025-179748

Malicious code in chi-cron-sudo-finally-visualize npm...

EUVD-2025-176944

Malicious code in psi-sudo-key-simulate-double npm...

EUVD-2025-180146

Malicious code in bad-key-short-sudo-resolve npm...

EUVD-2025-179163

Malicious code in emulate-await-sudo-code-grid npm...

EUVD-2025-176145

Malicious code in sudo-yaml-virtualize-encode-pi npm...

EUVD-2025-179923

Malicious code in byte-root-test-kappa-sudo npm...