elastic vulnerabilities and exploits
5
CVSSv2
CVE-2016-1000222
In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
Elastic Logstash
NA
CVE-2022-38775
An issue exists in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endpoint Security
NA
CVE-2022-38779
An open redirect issue exists in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Elastic Kibana
6.8
CVSSv2
CVE-2019-7611
A permission issue was found in Elasticsearch versions prior to 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to fa...
Elastic Elasticsearch
5
CVSSv2
CVE-2019-7613
Winlogbeat versions prior to 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
Elastic Winlogbeat
4
CVSSv2
CVE-2019-7616
Kibana versions prior to 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could p...
Elastic Kibana
1 Github repository
5
CVSSv2
CVE-2019-7620
Logstash versions prior to 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop resp...
Elastic Logstash
4.3
CVSSv2
CVE-2019-7614
A race condition flaw was found in the response headers Elasticsearch versions prior to 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for a malicious user to gain access to response header containing sensitive dat...
Elastic Elasticsearch
NA
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server s...
Elastic Elasticsearch
4
CVSSv2
CVE-2021-37939
Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could uti...
Elastic Kibana