Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-17247
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted reques...
Elastic Elasticsearch 6.5.1
Elastic Elasticsearch 6.5.0
6.5
CVSSv3
CVE-2016-10364
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions.
Elastic Kibana 5.0.1
Elastic Kibana 5.0.0
6.5
CVSSv3
CVE-2023-46666
An issue exists when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to al...
Elastic Elastic Sharepoint Online Python Connector
8.4
CVSSv3
CVE-2016-0392
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 up to and including 2.0.7 and Elastic Storage Server 2.5.x up to and including 2.5.5, 3.x prior to 3.5.5, and 4.x prior to 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via ...
Ibm General Parallel File System Storage Server 2.0.6
Ibm General Parallel File System Storage Server 2.0.5
Ibm Elastic Storage Server 2.5.5
Ibm Elastic Storage Server 2.5.4
Ibm Elastic Storage Server 3.0.1
Ibm Elastic Storage Server 3.0.0
Ibm Elastic Storage Server 4.0.1
Ibm Elastic Storage Server 4.0.0
Ibm General Parallel File System Storage Server 2.0.2
Ibm General Parallel File System Storage Server 2.0.1
Ibm Elastic Storage Server 2.5.1
Ibm Elastic Storage Server 2.5.0
Ibm Elastic Storage Server 3.0.4
Ibm Elastic Storage Server 3.5.2
Ibm Elastic Storage Server 3.5.1
Ibm General Parallel File System Storage Server 2.0.7
Ibm General Parallel File System Storage Server 2.0.0
Ibm Elastic Storage Server 3.0.5
Ibm Elastic Storage Server 3.0.3
Ibm Elastic Storage Server 3.0.2
Ibm Elastic Storage Server 3.5.0
Ibm Elastic Storage Server 4.0.2
8.1
CVSSv3
CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.
Elastic Azure Repository
Elastic Azure Repository 6.0.0
8.8
CVSSv3
CVE-2016-6651
The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) prior to 243; UAA 2.x prior to 2.7.4.8, 3.x prior to 3.3.0.6, and 3.4.x prior to 3.4.5; UAA BOSH prior to 11.7 and 12.x prior to 12.6; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21, and 1.8.x prior to 1.8.2; an...
Pivotal Software Cloud Foundry Ops Manager 1.7.7
Pivotal Software Cloud Foundry Ops Manager 1.7.6
Pivotal Software Cloud Foundry Ops Manager 1.8.0
Pivotal Software Cloud Foundry Elastic Runtime 1.8.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime 1.6.32
Pivotal Software Cloud Foundry Elastic Runtime 1.6.31
Pivotal Software Cloud Foundry Elastic Runtime 1.6.23
Pivotal Software Cloud Foundry Elastic Runtime 1.6.22
Pivotal Software Cloud Foundry Elastic Runtime 1.6.14
Pivotal Software Cloud Foundry Elastic Runtime 1.6.13
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.4
Pivotal Software Cloud Foundry Elastic Runtime 1.7.18
Pivotal Software Cloud Foundry Elastic Runtime 1.7.17
Pivotal Software Cloud Foundry Elastic Runtime 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime 1.7.9
Pivotal Software Cloud Foundry Elastic Runtime 1.7.1
Pivotal Software Cloud Foundry Elastic Runtime 1.7.0
Pivotal Software Cloud Foundry Ops Manager 1.7.11
Pivotal Software Cloud Foundry Ops Manager 1.7.10
Pivotal Software Cloud Foundry Ops Manager 1.7.3
8.8
CVSSv3
CVE-2016-4468
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) prior to 238; UAA 2.x prior to 2.7.4.4, 3.x prior to 3.3.0.2, and 3.4.x prior to 3.4.1; UAA BOSH prior to 11.2 and 12.x prior to 12.2; Elastic Runtime prior to 1.6.29 and 1.7.x prior to 1.7.7; and Ops Manager 1.7.x prior ...
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry
Pivotal Software Cloud Foundry Elastic Runtime 1.8.0
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Elastic Runtime 1.6.13
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.7.1
Pivotal Software Cloud Foundry Ops Manager 1.7.3
Pivotal Software Cloud Foundry Ops Manager 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.9
Pivotal Software Cloud Foundry Elastic Runtime 1.6.22
Pivotal Software Cloud Foundry Elastic Runtime 1.6.14
Pivotal Software Cloud Foundry Elastic Runtime 1.6.25
Pivotal Software Cloud Foundry Elastic Runtime 1.6.17
Pivotal Software Cloud Foundry Elastic Runtime 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.10
Pivotal Software Cloud Foundry Elastic Runtime 1.6.0
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.20
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
NA
CVE-2009-0390
Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, prior to 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.
Enomaly Elastic Computing Platform 2.1
Enomaly Elastic Computing Platform
1 EDB exploit
9.8
CVSSv3
CVE-2018-11052
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.
Dellemc Elastic Cloud Storage 3.2.0.1
Dellemc Elastic Cloud Storage 3.2.0.0
5.3
CVSSv3
CVE-2016-6636
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) prior to 242; UAA 2.x prior to 2.7.4.7, 3.x prior to 3.3.0.5, and 3.4.x prior to 3.4.4; UAA BOSH prior to 11.5 and 12.x prior to 12.5; Elastic Runtime prior to 1.6.40, 1.7.x prior to 1.7.21, and 1.8.x prior to ...
Pivotal Software Cloud Foundry Ops Manager 1.7.12
Pivotal Software Cloud Foundry Ops Manager 1.7.5
Pivotal Software Cloud Foundry Ops Manager 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.39
Pivotal Software Cloud Foundry Elastic Runtime 1.6.38
Pivotal Software Cloud Foundry Elastic Runtime 1.6.30
Pivotal Software Cloud Foundry Elastic Runtime 1.6.29
Pivotal Software Cloud Foundry Elastic Runtime 1.6.21
Pivotal Software Cloud Foundry Elastic Runtime 1.6.20
Pivotal Software Cloud Foundry Elastic Runtime 1.6.12
Pivotal Software Cloud Foundry Elastic Runtime 1.6.11
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.7.16
Pivotal Software Cloud Foundry Elastic Runtime 1.7.15
Pivotal Software Cloud Foundry Elastic Runtime 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime 1.7.6
Cloudfoundry Cloud Foundry Uaa Bosh
Pivotal Software Cloud Foundry Uaa 2.3.0
Pivotal Software Cloud Foundry Uaa 2.7.1
Pivotal Software Cloud Foundry Uaa 2.7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »