Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch elasticsearch vulnerabilities and exploits
(subscribe to this query)
795
VMScore
CVE-2015-1427
The Groovy scripting engine in Elasticsearch prior to 1.3.8 and 1.4.x prior to 1.4.3 allows remote malicious users to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Elasticsearch Elasticsearch 1.4.0
Elasticsearch Elasticsearch 1.4.1
Elasticsearch Elasticsearch 1.4.2
Elasticsearch Elasticsearch
2 EDB exploits
2 Nmap scripts
16 Github repositories
2 Articles
708
VMScore
CVE-2012-0056
The mem_write function in the Linux kernel prior to 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
Linux Linux Kernel
2 EDB exploits
25 Github repositories
1 Article
668
VMScore
CVE-2015-5377
Elasticsearch prior to 1.6.1 allows remote malicious users to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
Elastic Elasticsearch
4 Github repositories
668
VMScore
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
641
VMScore
CVE-2017-14730
The init script in the Gentoo app-admin/logstash-bin package prior to 5.5.3 and 5.6.x prior to 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard lin...
Elasticsearch Logstash 5.0.2
Elasticsearch Logstash 5.1.2
Elasticsearch Logstash 5.4.2
Elasticsearch Logstash 5.5.0
Elasticsearch Logstash 5.2.1
Elasticsearch Logstash 5.3.0
Elasticsearch Logstash 5.3.1
Elasticsearch Logstash 5.3.2
Elasticsearch Logstash 5.5.1
Elasticsearch Logstash 5.5.2
Elasticsearch Logstash 5.6.0
Elasticsearch Logstash 5.0.0
Elasticsearch Logstash 5.0.1
Elasticsearch Logstash 5.1.1
Elasticsearch Logstash 5.2.0
Elasticsearch Logstash 5.4.1
Elasticsearch Logstash 5.4.3
605
VMScore
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions before 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the respon...
Amazon Opensearch
605
VMScore
CVE-2019-7611
A permission issue was found in Elasticsearch versions prior to 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to fa...
Elastic Elasticsearch
605
VMScore
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
605
VMScore
CVE-2015-8131
Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana prior to 4.1.3 and 4.2.x prior to 4.2.1 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Elastic Kibana
Elastic Kibana 4.2.0
605
VMScore
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog prior to 7.4.2 and prior to 7.5.2 devel, when errorfile is set to local logging, allows remote malicious users to cause a denial of service (crash) and possibly execu...
Rsyslog Rsyslog 7.3.7
Rsyslog Rsyslog 7.3.6
Rsyslog Rsyslog 7.3.5
Rsyslog Rsyslog 7.3.4
Rsyslog Rsyslog 7.1.10
Rsyslog Rsyslog 7.1.9
Rsyslog Rsyslog 7.1.8
Rsyslog Rsyslog 7.1.7
Rsyslog Rsyslog 7.1.6
Rsyslog Rsyslog 7.4.0
Rsyslog Rsyslog 7.3.15
Rsyslog Rsyslog 7.3.14
Rsyslog Rsyslog 7.3.13
Rsyslog Rsyslog 7.2.6
Rsyslog Rsyslog 7.2.5
Rsyslog Rsyslog 7.2.4
Rsyslog Rsyslog 7.2.3
Rsyslog Rsyslog 7.1.1
Rsyslog Rsyslog 7.1.0
Rsyslog Rsyslog 6.6.0
Rsyslog Rsyslog 6.5.1
Rsyslog Rsyslog
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »