Vulnerabilities in Elastic

233 results
CVE-2019-7620: Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is (EPSS 1.5%)

CVE-2019-7617: When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker (EPSS 1.5%)

CVE-2018-17244: Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Dir (EPSS 1.5%)

CVE-2019-7618: A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Cod (EPSS 1.5%)

CVE-2020-7010: Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to (EPSS 1.4%)

CVE-2017-11480: Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening f (EPSS 1.4%)

CVE-2017-8452: Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will (EPSS 1.4%)

CVE-2018-17247: Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing exte (EPSS 1.4%)

CVE-2019-7608: Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive info (EPSS 1.3%)

CVE-2019-7613: Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry (EPSS 1.3%)

CVE-2016-10363: Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX (EPSS 1.3%)

CVE-2020-7021: Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is (EPSS 1.3%)

CVE-2018-17245: Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating P (EPSS 1.3%)

CVE-2021-22140: Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawle (EPSS 1.3%)

CVE-2024-37285 [CRITICAL]: Kibana arbitrary code execution via YAML deserialization (EPSS 1.3%)

CVE-2021-22132: Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search wil (EPSS 1.2%)

CVE-2023-31418 [HIGH]: Elasticsearch uncontrolled resource consumption (EPSS 1.2%)

CVE-2020-7017: In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or cr (EPSS 1.2%)

CVE-2025-25015 [CRITICAL]: Kibana arbitrary code execution via prototype pollution (EPSS 1.2%)

CVE-2020-7019: In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a u (EPSS 1.2%)