Elasticsearch 8.18.8, 8.19.5, 9.0.8, 9.1.5 Security Update (ESA-2025-18)

Elasticsearch Insertion of sensitive information in log file ESA-2025-18 Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API Affected Versions: 7.x: All versions from 7.0.0 and u...

SUSE CVE-2019-7610

Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker...

Couchbase Server 竞争条件问题漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server 6.5.x and 6.6.x through 6.6.1, which stems from a crash condition...

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service allows a perpetrator to execute arbitrary commands.

The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service is related to insufficient validation of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

kibana: Audit logging Remote Code Execution issue

An arbitrary code execution flaw was found in Kibana in versions prior to 5.6.15 and 6.6.1. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executi...