Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.6 views

Kibana 8.x < 8.19.13 / 9.x < 9.2.7 / 9.3.x < 9.3.2 DoS (ESA-2026-20)

The version of Kibana installed on the remote host is prior to 8.19.13, 9.2.7, or 9.3.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-20 advisory. - Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-17402

Malware in sbrugna...

7.5CVSS7.6AI score0.01383EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8910

Malware in sbrugna...

6.1CVSS6.3AI score0.0083EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2016-1546

Malware in sbrugna...

6.5CVSS6.5AI score0.00986EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-35726

Malicious code in bioql PyPI...

9.9CVSS8.5AI score0.00957EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.10 views

Kibana 8.x < 8.11.1 Insertion of Sensitive Information into Log File

According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has...

8CVSS6.9AI score0.00656EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.6 views

Kibana 8.x < 8.11.2 Insertion of Sensitive Information into Log File

According to its self-reported version number, the Kibana application running on the remote host is 7.13.x prior to 7.17.16 or 8.x prior to 8.11.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error or in the event where debug level...

8CVSS7AI score0.00608EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/03/05 12:0 a.m.9 views

PT-2025-9821

Name of the Vulnerable Software and Affected Versions Kibana versions 8.15.0 through 8.17.2 Description Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by...

9.9CVSS7.9AI score0.01218EPSS
Exploits0References24
Prion
Prion
added 2023/10/26 2:15 a.m.23 views

Design/Logic Flaw

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

5CVSS7.5AI score0.00656EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/04 12:0 a.m.9 views

CVE-2023-31415

Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of t...

9AI score0.00957EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/02/20 12:0 a.m.13 views

Elastic Kibana 7.0.0 < 7.17.9, 8.0.0 < 8.6.2 Open Redirect Vulnerability (ESA-2023-03)

Kibana is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...

6.1CVSS6.3AI score0.00513EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.29 views

Kibana 8.0.0 < 8.1.3 Sensitive Information Exposure

According to its self-reported version number, the Kibana application running on the remote host is 7.2.1 prior to 7.17.2 or 8.0.0 prior to 8.1.3. It is, therefore, affected by : - A Sensitive Information Exposure related to Elastic Stack monitoring in the Kibana page source CVE-2022-23711 Note...

5.3CVSS5.3AI score0.00863EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.24 views

Kibana 6.7.0 < 7.7.0 Prototype Pollution

According to its self-reported version number, the Kibana application running on the remote host is 6.7.0 prior to 7.0.0. It is, therefore, affected by : - A Prototype Pollution in Upgrade Assistant CVE-2020-7012 - A Prototype Pollution in TSVB visualizartion CVE-2020-7013 Note that the scanner h...

8.8CVSS7.8AI score0.18211EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.30 views

Kibana 7.7.0 < 7.17.1 Insufficient Authorization

According to its self-reported version number, the Kibana application running on the remote host is 7.7.0 prior to 7.17.1 or 8.0.0. It is, therefore, affected by : - A missing authorization issue in which users with read access to the Uptime feature could modify alerting rules CVE-2022-23709 Note...

4.3CVSS4.5AI score0.00544EPSS
Exploits0References3
Elastic
Elastic
added 2020/07/27 5:9 p.m.8 views

Elastic Stack 6.8.11 and 7.8.1 security update

Kibana regular expression denial of service flaw ESA-2020-09 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming...

6.7CVSS8.2AI score0.0122EPSS
Exploits0
OSV
OSV
added 2020/01/13 9:38 a.m.13 views

SUSE-SU-2020:0081-1 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client

This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential...

7.5CVSS6.2AI score0.06457EPSS
Exploits0References12
Cvelist
Cvelist
added 2017/06/05 2:0 p.m.23 views

CVE-2017-8439

Kibana version 5.4.0 was affected by a Cross Site Scripting XSS bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users...

5.8AI score0.0099EPSS
Exploits0References3
Elastic
Elastic
added 2016/03/10 7:52 p.m.6 views

Kibana 4.4.2, 4.3.3, 4.1.6 - Updated node.js versions due to upstream vulnerabilities

Same deal as last month, but we've bumped all 3 version to node v4.3.2 to cover security issues in node.js. You can read their maintenance announcement here: https://nodejs.org/en/blog/release/v4.3.2/ Check out the blog post with release notes or grab the latest version...

7.1AI score
Exploits0
Rows per page
Query Builder