Security Bulletin: Vulnerability in IBM Spectrum Symphony with Elasticsearch
Summary: Vulnerability in IBM Spectrum Symphony with Elasticsearch. Vulnerability Details: CVEID: CVE-2024-23450. DESCRIPTION: A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. CWE:CWE-400:...
EUVD-2020-30208
Malware in sbrugna...
EUVD-2025-10263
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-52981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a...
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
CVE-2024-10241
Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K...
CVE-2024-52981
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...
BIT-ELASTICSEARCH-2024-52981
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...
Mattermost Server 9.11.x < 9.11.3, 10.0.x < 10.0.1, 10.1.0 (MMSA-2024-00385)
The version of Mattermost Server installed on the remote host is prior to 9.11.3, 10.0.1 or 10.1.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00385 advisory. - Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when...
CVE-2024-23449
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
CVE-2023-46671
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...