108 matches found
SUSE CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
beats-boogies.nl Cross Site Scripting vulnerability OBB-3113479
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue...
GHSA-QRRC-WW9X-R43G vulnerabilities
Vulnerabilities for packages: beats, beats-fips...
GO-2022-0643 Denial of service in github.com/elastic/beats
A local attacker can cause a panic if they are able to send arbitrary traffic to a monitored port, due to an out of bounds read...
Beats 7.10.1 Security Update
Beats Denial of Service issue ESA-2020-16 A denial of service flaw when parsing malformed TLS public keys was discovered in Go, the language used to implement Beats. If Beats is configured to listen for Syslog over TLS, or if Beats is making outbound connections over HTTPS, a remote attacker coul...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Logstash (CVE-2019-7620)
Summary A security vulnerability affects IBM Cloud Private Vulnerability Details CVEID: CVE-2019-7620 DESCRIPTION: Elastic Logstash is vulnerable to a denial of service, caused by a flaw in the Beats input plugin. By sending a specially-crafted network packet, a remote attacker could exploit this...
CVE-2020-13401 vulnerabilities
Vulnerabilities for packages: beats, beats-fips...
Elastic Logstash Beats Input Plugin DoS Vulnerability (ESA-2019-14)
Elastic Logstash is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Denial Of Service (DoS)
logstash-input-beats is vulnerable to denial of service. The attack is due to a lack of proper handling of invalid compressed content, allowing an attacker to provide malicious compressed content to trigger the attack...
Denial Of Service(DoS)
Logstash is vulnerable to denial of service DoS. When an unauthenticated user is using Beats input plugin with Logstash and is able to connect to the port the Logstash beats input, malicious network packets sent by user could result in nonresponsiveness...
CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
Design/Logic Flaw
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
CVE-2019-7620
CVE-2019-7620 is a DoS in Elastic Logstash Beats input caused by processing specially crafted network packets. Affected releases include Logstash before 7.4.1 and 6.8.4. Remediation, where available in the connected docs, is to apply the security updates/fixes (e.g., Logstash patch versions 7.4.1...
CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
Elastic Stack 7.4.1 security update
Logstash Beats input denial of service flaw ESA-2019-14 A denial of service flaw was found in the Logstash beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop...
Elastic Stack 6.8.4 security update
Elasticsearch username disclosure flaw ESA-2019-13 A username disclosure flaw was found in Elasticsearch’s API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm. Affected Versions The following...
Imperva Cloud WAF and Graylog, Part II: How to Collect and Ingest SIEM Logs
This guide gives step-by-step guidance on how to collect and parse Imperva Cloud Web Application Firewall WAF, formerly Incapsula logs into the Graylog SIEM tool. Read Part I to learn how to set up a Graylog server in AWS and integrate with Imperva Cloud WAF. This guide assumes: You have a clean...
CVE-2018-20699 vulnerabilities
Vulnerabilities for packages: beats, beats-fips...
CVE-2018-7665
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beatsuploader.php or actions/photouploader.php, or the coverPhoto parameter to editaccount.php...