Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elastic vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2017-8447
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
Elastic X-pack 5.5.2
Elastic X-pack 5.3.1
Elastic X-pack 5.3.2
Elastic X-pack 5.3.3
Elastic X-pack 5.4.0
Elastic X-pack 5.5.0
Elastic X-pack 5.3.0
383
VMScore
CVE-2017-8440
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an malicious user to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Elastic Kibana 5.3.2
Elastic Kibana 5.3.1
Elastic Kibana 5.3.0
Elastic Kibana 5.4.0
409
VMScore
CVE-2017-1304
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to p...
Ibm Elastic Storage Server 2.0.0
Ibm Elastic Storage Server 2.5.0
Ibm Elastic Storage Server 2.5.5
Ibm Elastic Storage Server 3.0.0
Ibm Elastic Storage Server 3.0.5
Ibm Elastic Storage Server 3.5.0
Ibm Elastic Storage Server 3.5.6
Ibm Elastic Storage Server 4.0.0
Ibm Elastic Storage Server 4.0.6
Ibm Elastic Storage Server 4.5.0
Ibm Elastic Storage Server 4.6.0
Ibm Elastic Storage Server 5.0.0
Ibm Elastic Storage Server 5.0.1
516
VMScore
CVE-2012-5781
Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary val...
Amazon Elastic Load Balancing 1.0.12.0
Amazon Elastic Load Balancing 1.0.10.0
Amazon Elastic Load Balancing 1.0.3.4
Amazon Elastic Load Balancing 1.0
Amazon Elastic Load Balancing -
Amazon Elastic Load Balancing 1.0.17.0
Amazon Elastic Load Balancing 1.0.15.1
Amazon Elastic Load Balancing 1.0.14.3
Amazon Elastic Load Balancing 1.0.11.1
Amazon Elastic Load Balancing 1.0.9.3
312
VMScore
CVE-2019-7618
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana sys...
Elastic Kibana 7.3.1
Elastic Kibana 7.3.0
Elastic Kibana 7.3.2
NA
CVE-2023-6687
An issue exists by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ...
Elastic Elastic Agent
NA
CVE-2023-49922
An issue exists by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic ...
Elastic Elastic Beats
445
VMScore
CVE-2016-6639
Cloud Foundry PHP Buildpack (aka php-buildpack) prior to 4.3.18 and PHP Buildpack Cf-release prior to 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.6.38 and 1.7.x prior to 1.7.19 and other products, place the .profile file in the htdocs directory, which m...
Cloudfoundry Php-buildpack
Pivotal Cloud Foundry Elastic Runtime 1.7.5
Pivotal Cloud Foundry Elastic Runtime 1.7.6
Pivotal Cloud Foundry Elastic Runtime 1.7.7
Pivotal Cloud Foundry Elastic Runtime 1.7.8
Pivotal Cloud Foundry Elastic Runtime 1.7.0
Pivotal Cloud Foundry Elastic Runtime 1.7.13
Pivotal Cloud Foundry Elastic Runtime 1.7.14
Pivotal Cloud Foundry Elastic Runtime 1.7.15
Pivotal Cloud Foundry Elastic Runtime 1.7.16
Pivotal Cloud Foundry Elastic Runtime 1.7.17
Pivotal Cloud Foundry Elastic Runtime 1.7.2
Pivotal Cloud Foundry Elastic Runtime 1.7.4
Pivotal Cloud Foundry Elastic Runtime 1.7.9
Pivotal Cloud Foundry Elastic Runtime 1.7.11
Pivotal Cloud Foundry Elastic Runtime 1.7.18
Pivotal Cloud Foundry Elastic Runtime 1.7.1
Pivotal Cloud Foundry Elastic Runtime 1.7.3
Pivotal Cloud Foundry Elastic Runtime 1.7.10
Pivotal Cloud Foundry Elastic Runtime 1.7.12
Pivotal Cloud Foundry Elastic Runtime
383
VMScore
CVE-2018-3825
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can conn...
Elastic Elastic Cloud Enterprise
312
VMScore
CVE-2018-3829
In Elastic Cloud Enterprise (ECE) versions before 1.1.4 it exists that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE ins...
Elastic Elastic Cloud Enterprise
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »