15 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar Vulnerability Details CVEID:CVE-2024-52979 DESCRIPTION: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial...
CLEANSTART-2026-QW49365 Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial o...
Multiple security vulnerabilities affect the sonarqube package. Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of...
EUVD-2025-10257
Malicious code in bioql PyPI...
EUVD-2024-1021
Malicious code in bioql PyPI...
EUVD-2022-1497
Malicious code in bioql PyPI...
EUVD-2024-1914
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
CVE-2024-52979
A flaw was found in Elasticsearch. This flaw allows a remote attacker to trigger an application-level denial of service by sending specially crafted search templates that use Mustache functions. Mitigation Mitigation for this issue is either not available or the currently available options do not...
CVE-2024-52980
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...
BIT-ELASTICSEARCH-2024-52980 Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...
CVE-2024-52980
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...
CVE-2024-52980
CVE-2024-52980 refers to an Elasticsearch vulnerability where a large recursion in the PatternBank.innerForbidCircularReferences function can crash a node. The issue requires a user with read_pipeline cluster privilege to trigger the condition, making it a resource-exhaustion risk (availability l...
CVE-2024-23450 Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
SUSE CVE-2022-23712
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request...
CVE-2022-23712
A flaw was found in Elasticsearch. This flaw allows an unauthenticated attacker to forcibly shut down an Elasticsearch node with a specifically formatted network request, affecting system availability...