Known Vulnerabilities for products from Graylog
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Graylog".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-41045 | Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog... | 5.3 - MEDIUM | 2023-08-31 | 2023-09-06 |
| CVE-2023-41044 | Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundl... | 3.8 - LOW | 2023-08-31 | 2023-09-06 |
| CVE-2023-41041 | Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, ... | 3.1 - LOW | 2023-08-30 | 2023-09-05 |
| CVE-2021-37760 | A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of th... | 9.8 - CRITICAL | 2021-07-31 | 2021-08-10 |
| CVE-2021-37759 | A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level ... | 9.8 - CRITICAL | 2021-07-31 | 2021-08-10 |
| CVE-2020-15813 | Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stor... | 8.1 - HIGH | 2020-07-17 | 2020-07-22 |
| CVE-2018-14380 | In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and compon... | 6.1 - MEDIUM | 2018-07-18 | 2018-09-14 |
| CVE-2018-11651 | Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashb... | 6.1 - MEDIUM | 2018-06-01 | 2018-06-27 |
| CVE-2018-11650 | Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotifica... | 6.1 - MEDIUM | 2018-06-01 | 2018-06-27 |
Known software with vulnerabilities from Graylog
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Graylog | Graylog | 0.10.0 |