107 matches found
Malicious code in test-mlw2-boule-beats (npm)
The package test-mlw2-boule-beats was found to contain malicious code...
MAL-2025-34997 Malicious code in test-mlw2-boule-beats (npm)
The package test-mlw2-boule-beats was found to contain malicious code...
Elastic Beats Filebeat Installed (Windows)
Binary data elasticbeatsfilebeatwininstalled.nbin...
Elastic Beats filebeat < 9.1.0 Privilege Escalation
The version of Elastic Beats filebeat installed on the remote host is prior to 9.1.0. It is, therefore, affected by a vulnerability. An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from...
The vulnerability of the agent installer for data collection and delivery in Elasticsearch or Logstash Elastic Beats allows a perpetrator to enhance their privileges.
The vulnerability of the agent installer for data collection and delivery in Elasticsearch or Logstash Elastic Beats is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the agent installer for data collection and delivery in Elasticsearch or Logstash Elastic Beats allows a perpetrator to enhance their privileges.
The vulnerability of the agent installer for data collection and delivery in Elasticsearch or Logstash Elastic Beats is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...
Beats (Windows Installer) 8.18.6, 8.19.3, 9.0.6, & 9.1.0 Security Update (ESA-2025-12)
Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation LPE when using the Windows Installer ESA-2025-12 An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from improper...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
Inclusion of Functionality from Untrusted Control Sphere
Overview github.com/elastic/beats/v7 is a the Lightweight shippers for Elasticsearch & Logstash. Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere via parameter injection in the osqueryd subprocess. Note: This is only exploitable if the...
Inclusion of Functionality from Untrusted Control Sphere
Overview github.com/elastic/beats is a the Lightweight shippers for Elasticsearch & Logstash. Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere via parameter injection in the osqueryd subprocess. Note: This is only exploitable if the...
GHSA-M9Q8-9M2H-84GH vulnerabilities
Vulnerabilities for packages: beats, beats-fips...
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods 2nd generation and later, AirPods Pro all models, AirPods Max, Powerbeats Pro, and...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
CVE-2024-27867
Summary of CVE-2024-27867 (AirPods/Beats) : An authentication issue arises when headphones seek a connection request to a previously paired device, allowing a nearby attacker (Bluetooth range) to spoof the source device and gain access. Root cause per Apple advisory: improved state management fix...
PT-2024-22092
Name of the Vulnerable Software and Affected Versions AirPods versions prior to Firmware Update 6A326 AirPods versions prior to Firmware Update 6F8 Beats versions prior to Firmware Update 6F8 AirPods 2nd generation and later AirPods Pro all models AirPods Max Powerbeats Pro Beats Fit Pro...
GO-2023-2413 Sensitive information logged in github.com/elastic/beats/v7
Sensitive information logged in github.com/elastic/beats/v7...
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...