Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic elastic agent vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv2
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a hi...
Elastic Apm Agent
2.7
CVSSv2
CVE-2021-22133
The Elastic APM agent for Go versions prior to 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an a...
Elastic Apm Agent
1.9
CVSSv2
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp fi...
Netty Netty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Quarkus Quarkus
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Nosql Database
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Trade Finance Process Management 14.2.0
Oracle Communications Messaging Server 8.1
Oracle Communications Design Studio 7.4.2
Oracle Communications Brm - Elastic Charging Engine 12.0.0.3
Netapp Snapcenter -
Netapp Active Iq Unified Manager -
Netapp Cloud Secure Agent -
7.2
CVSSv2
CVE-2021-3156
Sudo prior to 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Sudo Project Sudo 1.9.5
Sudo Project Sudo
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager Core Package -
Mcafee Web Gateway 8.2.17
Mcafee Web Gateway 9.2.8
Mcafee Web Gateway 10.0.4
Synology Diskstation Manager 6.2
Synology Diskstation Manager Unified Controller 3.0
Synology Skynas Firmware -
Synology Vs960hd Firmware -
Beyondtrust Privilege Management For Mac
Beyondtrust Privilege Management For Unix\\/linux
Oracle Micros Compact Workstation 3 Firmware 310
Oracle Micros Es400 Firmware
Oracle Micros Kitchen Display System Firmware 210
Oracle Micros Workstation 5a Firmware 5a
142 Github repositories
1 Article
6.4
CVSSv2
CVE-2019-7617
When the Elastic APM agent for Python versions prior to 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
Elastic Apm Agent
5.8
CVSSv2
CVE-2019-7615
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions prior to 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This...
Elastic Apm-agent-ruby
5
CVSSv2
CVE-2015-5378
Logstash 1.5.x prior to 1.5.3 and 1.4.x prior to 1.4.4 allows remote malicious users to read communications between Logstash Forwarder agent and Logstash server.
Elasticsearch Logstash 1.5.1
Elastic Logstash 1.4.1
Elastic Logstash 1.4.2
Elasticsearch Logstash 1.4.3
Elasticsearch Logstash 1.5.2
Elasticsearch Logstash 1.5.0
Elastic Logstash 1.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2