16 matches found
GHSA-WHRJ-4476-WVMP vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.2-rack, ruby3.4-rack, ruby4.0-rack, ruby3.4-rails, kube-fluentd-operator, logstash, ruby3.3-rack, ruby4.0-rails...
CVE-2019-7620
Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding...
CVE-2019-7612
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message...
Nagios Log Server Security Vulnerability
Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2024R2.0.3, which stems from the embedded Logstash process running as root user, which could lead to an attacker...
EUVD-2016-1545
Malware in sbrugna...
EUVD-2016-1165
Malware in sbrugna...
EUVD-2015-5334
Malware in sbrugna...
EUVD-2015-4176
Malware in sbrugna...
EUVD-2019-17153
Malware in sbrugna...
EUVD-2021-9289
Malicious code in bioql PyPI...
CVE-2025-37730
CVE-2025-37730 concerns improper certificate validation in Logstash’s TCP output, enabling MitM in “client” mode due to hostname verification not occurring when ssl_verification_mode is set to full. Affected component is the Logstash TCP output plugin (logstash-output-tcp). The root cause is lack...
PT-2025-19904 · Logstash · Logstash
Name of the Vulnerable Software and Affected Versions: Logstash (affected versions not specified). Description: The issue is related to improper certificate validation in Logstash's TCP output, which could lead to a man-in-the-middle (MitM) attack in "client" mode. This occurs because hostname...
Vulnerabilities fixed in Elastic Kibana and Logstash
Elastic has fixed vulnerabilities in Kibana and Logstash. The vulnerability with reference CVE-2023-46671 is located in Kibana and allows an authenticated malicious party to obtain sensitive data from the log, such as api keys, user credentials and system credentials. The vulnerability with...
GHSA-8QHQ-RQ4J-8PRJ Elasticsearch Logstash allows remote attackers to execute arbitrary commands
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagiosnsca.rb in outputs/...
Elasticsearch Logstash Denial of Service Vulnerability
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.3.3. A remote attacker can...
Logstash 1.4.2 Directory Traversal Vulnerability
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash...