CVE-2024-58273
- EPSS 0.02%
- Published 30.10.2025 21:24:15
- Last modified 06.11.2025 16:34:35
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.
CVE-2025-34274
- EPSS 0.66%
- Published 30.10.2025 21:23:54
- Last modified 06.11.2025 16:27:58
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploi...
CVE-2023-7322
- EPSS 0.25%
- Published 30.10.2025 21:23:34
- Last modified 06.11.2025 16:20:51
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via t...
CVE-2016-15049
- EPSS 0.43%
- Published 30.10.2025 21:23:13
- Last modified 05.11.2025 18:27:48
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-cont...
CVE-2025-34271
- EPSS 0.63%
- Published 30.10.2025 21:22:51
- Last modified 06.11.2025 16:29:46
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a ...
CVE-2025-34270
- EPSS 0.09%
- Published 30.10.2025 21:22:28
- Last modified 06.11.2025 16:31:27
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be expos...
CVE-2025-44823
- EPSS 0.32%
- Published 07.10.2025 00:00:00
- Last modified 06.11.2025 16:41:01
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVE-2025-44824
- EPSS 0.14%
- Published 07.10.2025 00:00:00
- Last modified 06.11.2025 16:40:35
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch call. The service stops even though "message": "Coul...
CVE-2025-29471
- EPSS 7.06%
- Published 15.04.2025 00:00:00
- Last modified 23.04.2025 16:30:10
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.
CVE-2021-35478
- EPSS 47.6%
- Published 30.07.2021 14:15:17
- Last modified 21.11.2024 06:12:21
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.