Vulmon
elasticsearch vulnerabilities and exploits
5.8
CVSSv2
CVE-2020-27816
The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, so it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. Th...
Elastic Kibana
Redhat Openshift Container Platform 4.0
NA
CVE-2023-45585
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, v...
Fortinet Fortisiem 6.4.1
Fortinet Fortisiem 6.4.0
Fortinet Fortisiem 6.2.1
Fortinet Fortisiem 6.2.0
Fortinet Fortisiem 5.4.0
Fortinet Fortisiem
Fortinet Fortisiem 6.6.0
Fortinet Fortisiem 6.6.1
Fortinet Fortisiem 6.6.2
Fortinet Fortisiem 6.6.3
Fortinet Fortisiem 6.5.0
Fortinet Fortisiem 6.5.1
Fortinet Fortisiem 6.4.2
Fortinet Fortisiem 6.1.0
Fortinet Fortisiem 6.1.1
Fortinet Fortisiem 6.1.2
Fortinet Fortisiem 7.0.0
Fortinet Fortisiem 6.3.0
Fortinet Fortisiem 6.3.1
Fortinet Fortisiem 6.3.2
Fortinet Fortisiem 6.3.3
NA
CVE-2023-46667
An issue exists in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retr...
Elastic Fleet Server
5
CVSSv2
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Elastic Logstash
NA
CVE-2022-38299
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows malicious users to connect disallowed hosts to the AWS/GCP internal metadata endpoint.
Appsmith Appsmith 1.7.11
NA
CVE-2022-38656
HCL Commerce, when using Elasticsearch, can allow a remote malicious user to cause a denial of service attack on the site and make administrative changes.
Hcltechsw Hcl Commerce
NA
CVE-2021-37936
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would ...
Elastic Kibana
7.5
CVSSv2
CVE-2014-4326
Elasticsearch Logstash 1.0.14 up to and including 1.4.x prior to 1.4.2 allows remote malicious users to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Elastic Logstash 1.0.14
Elastic Logstash 1.0.15
Elastic Logstash 1.0.16
Elastic Logstash 1.0.17
Elastic Logstash 1.1.0.1
Elastic Logstash 1.1.2
Elastic Logstash 1.1.3
Elastic Logstash 1.1.4
Elastic Logstash 1.1.5
Elastic Logstash 1.1.6
Elastic Logstash 1.1.7
Elastic Logstash 1.1.8
Elastic Logstash 1.1.9
Elastic Logstash 1.1.10
Elastic Logstash 1.1.11
Elastic Logstash 1.1.12
Elastic Logstash 1.1.13
Elastic Logstash 1.2.1
Elastic Logstash 1.2.2
Elastic Logstash 1.3.0
Elastic Logstash 1.3.1
Elastic Logstash 1.3.2
6.8
CVSSv2
CVE-2013-4758
Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog prior to 7.4.2 and prior to 7.5.2 devel, when errorfile is set to local logging, allows remote malicious users to cause a denial of service (crash) and possibly execu...
Rsyslog Rsyslog 6.5.1
Rsyslog Rsyslog 7.1.2
Rsyslog Rsyslog 7.3.13
Rsyslog Rsyslog 7.1.12
Rsyslog Rsyslog 7.2.5
Rsyslog Rsyslog 7.3.6
Rsyslog Rsyslog
Rsyslog Rsyslog 7.1.5
Rsyslog Rsyslog 6.6.0
Rsyslog Rsyslog 7.3.12
Rsyslog Rsyslog 7.2.6
Rsyslog Rsyslog 7.2.7
Rsyslog Rsyslog 7.1.6
Rsyslog Rsyslog 7.2.1
Rsyslog Rsyslog 7.1.8
Rsyslog Rsyslog 7.3.14
Rsyslog Rsyslog 7.3.1
Rsyslog Rsyslog 7.5.0
Rsyslog Rsyslog 6.4.2
Rsyslog Rsyslog 7.3.4
Rsyslog Rsyslog 7.3.3
Rsyslog Rsyslog 7.1.10
6.8
CVSSv2
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii