9516 matches found
Improper Certificate Validation
Overview: org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security. Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates...
CVE-2025-37731
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...
EUVD-2025-203360
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...
CVE-2025-37731
CVE-2025-37731 affects Elasticsearch PKI realm authentication: impersonation possible via specially crafted client certificates signed by a trusted CA. Affected: Elasticsearch 7.0.x before 8.19.8, 9.0.x before 9.1.8, 9.2.x before 9.2.2. Root cause is improper authentication in the PKI realm. Impa...
Elasticsearch 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-27)
Elasticsearch Improper Authentication (ESA-2025-27): Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate...
FNT Command Security Vulnerability
FNT Command is a data center infrastructure management platform from FNT Germany. A security vulnerability exists in FNT Command version 13.4.0 that stems from the presence of a directory traversal vulnerability...
PT-2025-51212
Name of the Vulnerable Software and Affected Versions: Elasticsearch (affected versions not specified). Description: A flaw exists in the PKI realm authentication process within Elasticsearch. This issue allows a malicious actor to impersonate users by presenting a specially crafted client certificate...
USN-7907-5: Linux kernel kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
USN-7907-5 linux-azure, linux-azure-4.15, linux-oracle, vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...
CVE-2025-67727
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permission...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7928-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7928-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...
USN-7928-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...
USN-7928-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...
USN-7928-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...
USN-7928-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...
USN-7922-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...
USN-7922-2 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...
Cybersecurity Performance Goals 2.0 for Critical Infrastructure
Today, CISA released updated Cross-Sector Cybersecurity Performance Goals (CPG 2.0) with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of...
LLM-Assisted AHP for Explainable Cyber Range Evaluation
Cyber Ranges (CRs) have emerged as prominent platforms for cybersecurity training and education, especially for Critical Infrastructure (CI) sectors that face rising cyber threats. One way to address these threats is through hands-on exercises that bridge IT and OT domains to improve defensive...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7922-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7922-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...