Filters

Software

elastic elasticsearch
12
elastic kibana
10
elastic logstash
7
elastic endpoint security
4
elastic enterprise search
3
elastic x-pack
3
elastic apm agent
2
elastic apm server
2
elastic elastic cloud enterprise
2
elastic endgame
2
elastic apm java agent
1
elastic apm-agent-ruby
1
elastic azure repository
1
elastic elastic agent
1
elastic elastic app search
1
elastic elastic beats
1
elastic elastic cloud on kubernetes
1
elastic elastic fleet server
1
elastic fleet server
1
elastic kibana reporting
1
elastic winlogbeat
1
elasticsearch logstash
1

Elastic Apm ServerAPM Server Insertion of Sensitive Information into Log File

high
7.5
EPSS
0.09%
First published (updated )
CVE-2024-23448

Elastic KibanaKibana Insertion of Sensitive Information into Log File

high
8
First published (updated )
CVE-2023-46675

Elastic KibanaKibana Insertion of Sensitive Information into Log File

high
8
First published (updated )
CVE-2023-46671

maven/org.elasticsearch:elasticsearch-hadoopElasticsearch-hadoop Unsafe Deserialization

high
7.8
First published (updated )
CVE-2023-46674

maven/org.elasticsearch:elasticsearchIt was identified that malformed scripts used in the script processor of an Ingest Pipeline could ca…

high
7.5
First published (updated )
CVE-2023-46673

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic ElasticsearchElasticsearch privilege escalation

high
8.8
First published (updated )
CVE-2021-37937

maven/co.elastic.apm:apm-agent-parentAPM Java Agent Local Privilege Escalation

high
7.8
First published (updated )
CVE-2021-37942

Elastic KibanaKibana Reporting vulnerabilities

high
8.8
First published (updated )
CVE-2021-22142

Elastic KibanaKibana code execution issue

high
7.2
First published (updated )
CVE-2021-22150

Elastic LogstashLogstash Insertion of Sensitive Information into Log File

high
8.4
First published (updated )
CVE-2023-46672

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic ElasticsearchElasticsearch Insertion of sensitive information in audit logs

high
7.5
First published (updated )
CVE-2023-31417

Elastic ElasticsearchElasticsearch uncontrolled resource consumption

high
7.5
First published (updated )
CVE-2023-31418

maven/org.elasticsearch:elasticsearchElasticsearch StackOverflow vulnerability

high
7.5
First published (updated )
CVE-2023-31419

Elastic Elastic BeatsBeats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue

high
7.5
First published (updated )
CVE-2023-31421

Elastic Fleet ServerFleet Server Insertion of Sensitive Information into Log File

high
8.1
First published (updated )
CVE-2023-46667

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic KibanaCode Injection

high
8.8
First published (updated )
CVE-2023-31414

Elastic KibanaCode Injection

high
8.8
First published (updated )
CVE-2023-31415

Elastic Endpoint SecurityAn issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which coul…

high
7.8
First published (updated )
CVE-2022-38777

Elastic Endpoint SecurityAn issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame f…

high
7.8
First published (updated )
CVE-2022-38774

Elastic Endpoint SecurityAn issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which coul…

high
7.8
First published (updated )
CVE-2022-38775

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic Endpoint SecurityA local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elast…

high
7.8
First published (updated )
CVE-2022-23714

Elastic ElasticsearchA Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticat…

high
7.5
First published (updated )
CVE-2022-23712

Elastic Apm AgentA local privilege escalation issue was found with the APM Java agent, where a user on the system cou…

high
7.8
First published (updated )
CVE-2021-37941

Elastic Enterprise SearchElastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API key…

high
8.8
First published (updated )
CVE-2021-22148

Elastic Enterprise SearchElastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API key…

high
8.8
First published (updated )
CVE-2021-22149

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic ElasticsearchAll versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default i…

high
7.5
First published (updated )
CVE-2021-22146

Elastic Elastic App SearchXEE

high
7.5
First published (updated )
CVE-2021-22140

Elastic Enterprise SearchElastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interfac…

high
8.8
First published (updated )
CVE-2020-7018

Elastic ElasticsearchThe fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and…

high
8.8
First published (updated )
CVE-2020-7014

Elastic KibanaCode Injection

high
8.8
First published (updated )
CVE-2020-7012

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic Elastic Cloud On KubernetesElastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random num…

high
7.5
First published (updated )
CVE-2020-7010

redhat/kibanaCode Injection

high
7.2
First published (updated )
CVE-2020-7013

Elastic ElasticsearchElasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation…

high
8.8
First published (updated )
CVE-2020-7009

Elastic LogstashLogstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats inpu…

high
7.5
First published (updated )
CVE-2019-7620

pip/elastic-apmInput Validation

high
7.2
First published (updated )
CVE-2019-7617

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic Apm-agent-rubyA TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. Whe…

high
7.4
First published (updated )
CVE-2019-7615

Elastic ElasticsearchA permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Secu…

high
8.1
First published (updated )
CVE-2019-7611

Elastic WinlogbeatWinlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to in…

high
7.5
First published (updated )
CVE-2019-7613

Elastic Azure RepositoryA sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticse…

high
8.1
First published (updated )
CVE-2018-3827

Elastic Elastic Cloud EnterpriseElastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability…

high
7.5
First published (updated )
CVE-2018-3828

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/elasticsearchInfoleak

high
8.8
First published (updated )
CVE-2018-3831

Elastic X-PackAn error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapp…

high
8.8
First published (updated )
CVE-2017-8448

Elasticsearch LogstashInfoleak

high
7.5
First published (updated )
CVE-2015-5378

Elastic LogstashLogstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting ma…

high
7.5
First published (updated )
CVE-2016-10363

Elastic LogstashLogstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will creat…

high
7.5
First published (updated )
CVE-2016-1000222

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Elastic Kibana ReportingCSRF

high
8.8
First published (updated )
CVE-2016-1000218

Elastic KibanaKibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cl…

high
7.5
First published (updated )
CVE-2017-8452

Elastic X-PackInfoleak

high
7.5
First published (updated )
CVE-2017-8450

Elastic KibanaKibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and author…

high
7.5
First published (updated )
CVE-2016-1000219

Elastic LogstashInfoleak

high
7.5
First published (updated )
CVE-2016-1000221

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203