Vulnerabilidades en Elastic

233 resultados

CVE-2021-22135—Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API EPSS 1.2%CVE-2021-22150MEDIUMKibana code execution issueEPSS 1.2%CVE-2021-22134—A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. EPSS 1.1%CVE-2017-8443—In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperlEPSS 1.1%CVE-2021-22137—In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. SearcEPSS 1.1%CVE-2020-7018—Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿EPSS 1.1%CVE-2020-7016—Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewedEPSS 1.1%CVE-2016-10362—Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth creEPSS 1.1%CVE-2018-3817—When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive informatioEPSS 1.0%CVE-2017-8438—Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitionEPSS 1.0%CVE-2016-10365—Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domaiEPSS 1.0%CVE-2018-3827—A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the reposEPSS 1.0%CVE-2024-37288CRITICALA deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted paEPSS 1.0%CVE-2021-22142MEDIUMKibana Reporting vulnerabilitiesEPSS 1.0%CVE-2019-7614—A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system withEPSS 1.0%CVE-2021-22147—Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated useEPSS 1.0%CVE-2021-22139—Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limitEPSS 1.0%CVE-2020-7020—Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search querEPSS 1.0%CVE-2017-8440—Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtainEPSS 1.0%CVE-2017-8439—Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker toEPSS 1.0%

← anteriorpágina 3 / 12siguiente →