Vulmon
elastic vulnerabilities and exploits
446
VMScore
CVE-2022-23711
A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on the health and performance of your Elasticsearch cluster. Authentication with a vulnerabl...
Elastic Kibana
642
VMScore
CVE-2022-23714
A local privilege escalation (LPE) issue exists in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endpoint Security
383
VMScore
CVE-2021-22135
Elasticsearch versions prior to 7.11.2 and 6.8.15 contain a document disclosure flaw in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level s...
Elastic Elasticsearch
383
VMScore
CVE-2021-22138
In Logstash versions after 6.4.0 and prior to 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could ...
Elastic Logstash
356
VMScore
CVE-2021-22147
Elasticsearch prior to 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Elastic Elasticsearch
NA
CVE-2022-38775
An issue exists in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Elastic Endpoint Security
570
VMScore
CVE-2015-4152
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash prior to 1.4.3 allows remote malicious users to write to arbitrary files via vectors related to dynamic field references in the path option.
Elastic Logstash
578
VMScore
CVE-2020-7009
Elasticsearch versions from 6.7.0 prior to 6.8.8 and 7.0.0 prior to 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with ele...
Elastic Elasticsearch
578
VMScore
CVE-2020-7012
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to a...
Elastic Kibana
578
VMScore
CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an ...
Elastic Elasticsearch