Vulmon
graylog graylog vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
Graylog Graylog
6.1
CVSSv3
CVE-2018-11651
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
Graylog Graylog
8.8
CVSSv3
CVE-2024-24824
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses...
Graylog Graylog
9.8
CVSSv3
CVE-2021-37759
A Session ID leak in the DEBUG log file in Graylog prior to 4.1.2 allows malicious users to escalate privileges (to the access level of the leaked session ID).
Graylog Graylog
3.1
CVSSv3
CVE-2023-41041
Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. U...
Graylog Graylog
6.1
CVSSv3
CVE-2018-14380
In Graylog prior to 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
Graylog Graylog
3.8
CVSSv3
CVE-2023-41044
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an at...
Graylog Graylog
8.1
CVSSv3
CVE-2020-15813
Graylog prior to 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all...
Graylog Graylog
9.8
CVSSv3
CVE-2021-37760
A Session ID leak in the audit log in Graylog prior to 4.1.2 allows malicious users to escalate privileges (to the access level of the leaked session ID).
Graylog Graylog
5.3
CVSSv3
CVE-2023-41045
Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recomme...
Graylog Graylog