Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elasticsearch vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-3337
Directory traversal vulnerability in Elasticsearch prior to 1.4.5 and 1.5.x prior to 1.5.2, when a site plugin is enabled, allows remote malicious users to read arbitrary files via unspecified vectors.
Elasticsearch Elasticsearch 1.5.0
Elasticsearch Elasticsearch 1.5.1
Elasticsearch Elasticsearch
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2015-1427
The Groovy scripting engine in Elasticsearch prior to 1.3.8 and 1.4.x prior to 1.4.3 allows remote malicious users to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Elasticsearch Elasticsearch 1.4.0
Elasticsearch Elasticsearch 1.4.1
Elasticsearch Elasticsearch 1.4.2
Elasticsearch Elasticsearch
2 EDB exploits
2 Nmap scripts
16 Github repositories
2 Articles
4.3
CVSSv2
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch prior to 1.4.0.Beta1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Elasticsearch Elasticsearch
7.5
CVSSv2
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.3.3
Elastic Logstash 1.1.11
Elastic Logstash 1.1.10
Elastic Logstash 1.1.3
Elastic Logstash 1.1.2
Elastic Logstash 1.2.2
Elastic Logstash 1.2.1
Elastic Logstash 1.1.7
Elastic Logstash 1.1.6
Elastic Logstash 1.1.0
Elastic Logstash 1.0.17
Elastic Logstash 1.4.0
Elastic Logstash 1.4.1
Elastic Logstash 1.0.14
Elastic Logstash 1.1.13
Elastic Logstash 1.1.12
Elastic Logstash 1.1.5
Elastic Logstash 1.1.4
Elastic Logstash 1.0.16
Elastic Logstash 1.0.15
Elastic Logstash 1.3.2
Elastic Logstash 1.3.1
6.8
CVSSv2
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog prior to 7.4.2 and prior to 7.5.2 devel, when errorfile is set to local logging, allows remote malicious users to cause a denial of service (crash) and possibly execu...
Rsyslog Rsyslog 7.3.7
Rsyslog Rsyslog 7.3.6
Rsyslog Rsyslog 7.3.5
Rsyslog Rsyslog 7.3.4
Rsyslog Rsyslog 7.1.10
Rsyslog Rsyslog 7.1.9
Rsyslog Rsyslog 7.1.8
Rsyslog Rsyslog 7.1.7
Rsyslog Rsyslog 7.1.6
Rsyslog Rsyslog 7.4.0
Rsyslog Rsyslog 7.3.15
Rsyslog Rsyslog 7.3.14
Rsyslog Rsyslog 7.3.13
Rsyslog Rsyslog 7.2.6
Rsyslog Rsyslog 7.2.5
Rsyslog Rsyslog 7.2.4
Rsyslog Rsyslog 7.2.3
Rsyslog Rsyslog 7.1.1
Rsyslog Rsyslog 7.1.0
Rsyslog Rsyslog 6.6.0
Rsyslog Rsyslog 6.5.1
Rsyslog Rsyslog
6.9
CVSSv2
CVE-2012-0056
The mem_write function in the Linux kernel prior to 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.
Linux Linux Kernel
2 EDB exploits
25 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10