CVE-2022-38777

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

EUVD-2022-41340

Malicious code in bioql PyPI...

EUVD-2022-28650

Malicious code in bioql PyPI...

EUVD-2022-41338

Malicious code in bioql PyPI...

EUVD-2023-50859

Malicious code in bioql PyPI...

EUVD-2022-41337

Malicious code in bioql PyPI...

PT-2025-34170 · Elastic Nv · Endpoint Detection/Response

Уязвимость драйвера elastic-endpoint-driver.sys программного средства для защиты конечных точек Elastic Endpoint Detection and Response EDR связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код и вызвать отказ в обслуживании...

CVE-2022-23714

A local privilege escalation LPE issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2022-38774

An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2022-38775

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...

CVE-2023-46669 Elastic Agent / Elastic Endpoint Security local API key disclosure

Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...

Elastic Agent / Elastic Endpoint Security Security Update (ESA-2025-03)

Elastic Agent / Elastic Endpoint Security local API key disclosure ESA-2025-03 Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was...

CVE-2023-46668

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

Default configuration

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

CVE-2023-46668 Elastic Endpoint Insertion of Sensitive Information into Log File

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

CVE-2023-46668

CVE-2023-46668 affects Elastic Endpoint versions 7.9.0 through 8.10.3. When Endpoint is configured with a non-default option that enables debug logging and Elastic Agent is also configured to collect and ship those logs to Elasticsearch, API keys used by Elastic Agent can be viewed in Elasticsear...

CVE-2023-46668 Elastic Endpoint Insertion of Sensitive Information into Log File

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

Elastic Endpoint Security Log Information Disclosure Vulnerability

Elastic Endpoint Security is an endpoint security solution from Elastic. A log message disclosure vulnerability exists in Elastic Endpoint Security versions v7.9.0 through v8.10.3, which stems from an API key that allows it to be viewed in plain text...

Endpoint v8.10.4 Security Update

Elastic Endpoint Insertion of Sensitive Information into Log File ESA-2023-21 If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to...

PT-2023-6653 · Elastic · Agent +2

Name of the Vulnerable Software and Affected Versions: Elastic Endpoint versions 7.9.0 through 8.10.3 Description: The issue is related to insufficient protection of registration data in Elastic Endpoint, which can allow a remote attacker to disclose protected information. When Elastic Endpoint i...