Lucene search
K

437 matches found

CNNVD
CNNVD
added 2025/05/06 12:0 a.m.5 views

Elastic Logstash 安全漏洞

Elastic Logstash is a suite of log analysis and monitoring tools from Dutch company Elastic. A security vulnerability exists in Elastic Logstash versions prior to 9.0.1 that stems from improper certificate validation and could lead to a man-in-the-middle attack...

6.5CVSS6.2AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.5 views

PT-2025-19904 · Logstash · Logstash

Name of the Vulnerable Software and Affected Versions: Logstash affected versions not specified Description: The issue is related to improper certificate validation in Logstash's TCP output, which could lead to a man-in-the-middle MitM attack in "client" mode. This occurs because hostname...

6.5CVSS5.9AI score0.00145EPSS
Exploits0References8
Elastic
Elastic
added 2025/05/01 10:10 a.m.9 views

Logstash 8.15.3 Security Update (ESA-2024-38)

Logstash affected by CVE-2024-47561 in Apache Avro ESA-2024-38 On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...

9.2CVSS7.7AI score0.03256EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 1:28 p.m.24 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)

Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...

9.2CVSS8.4AI score0.03256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 12:51 p.m.8 views

Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)

Summary There is a potential HTTP request smuggling in Puma that affect Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-45614 DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...

5.4CVSS5.4AI score0.00646EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/23 6:16 a.m.17 views

Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)

Summary There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...

5.3CVSS6.7AI score0.00795EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/14 10:22 a.m.24 views

Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)

Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...

7.5CVSS6.8AI score0.01241EPSS
Exploits0Affected Software1
Elastic
Elastic
added 2025/04/08 3:58 p.m.9 views

Logstash 8.15.3, 8.16.0 Security Update (ESA-2024-48)

Logstash Inefficient Regular Expression Complexity ESA-2024-48 On October 28th, 2024, Ruby announced CVE-2024-49761 in rexml which can lead to ReDoS when parsing XML that has many digits between & and x...; in a hex numeric character reference &x...;. The issue only affects users that use the...

8.7CVSS6.9AI score0.01429EPSS
Exploits0
Elastic
Elastic
added 2025/04/08 3:56 p.m.9 views

Logstash 8.15.1 Security Update (ESA-2024-35)

Logstash Uncontrolled Resource Consumption vulnerability ESA-2024-35 On August 19, 2024, Floraison announced CVE-2024-43380, which affects fugit "natural" parser. The parser turns natural language into a cron date and was found to accept any length of input, causing an uncontrolled resource...

7.5CVSS7AI score0.00792EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/20 4:12 a.m.12 views

GHSA-R3W4-36X6-7R99 vulnerabilities

Vulnerabilities for packages: logstash-jre-bcfips...

7.5AI score
Exploits0
Chainguard
Chainguard
added 2025/03/04 4:15 p.m.11 views

CVE-2025-27111 vulnerabilities

Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby4.0-rack, ruby3.2-rack, logstash...

7.5CVSS6.7AI score0.00699EPSS
Exploits0
Wolfi
Wolfi
added 2025/03/04 4:15 p.m.27 views

CVE-2025-27111 vulnerabilities

Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby3.2-rack, logstash, ruby4.0-rack...

7.5CVSS6.7AI score0.00699EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/04 3:27 p.m.5 views

GHSA-8CGQ-6MH2-7J6V vulnerabilities

Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby4.0-rack, ruby3.2-rack, logstash...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/03/04 3:27 p.m.7 views

GHSA-8CGQ-6MH2-7J6V vulnerabilities

Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby3.2-rack, logstash, ruby4.0-rack...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/25 9:51 a.m.20 views

Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)

Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...

6.5CVSS6.6AI score0.01129EPSS
Exploits0Affected Software1
Wolfi
Wolfi
added 2025/02/19 10:17 p.m.29 views

GHSA-5MWF-688X-MR7X vulnerabilities

Vulnerabilities for packages: logstash...

7.5AI score
Exploits0
Chainguard
Chainguard
added 2025/02/19 10:17 p.m.5 views

GHSA-5MWF-688X-MR7X vulnerabilities

Vulnerabilities for packages: logstash...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/11/24 12:0 a.m.27 views

Bootiful Spring Boot 3.4: Spring Boot

And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...

7.5AI score
Exploits0
Chainguard
Chainguard
added 2024/11/19 9:30 a.m.5 views

GHSA-2X2G-32R7-P4X8 vulnerabilities

Vulnerabilities for packages: prometheus-jmx-exporter, druid, apache-nifi, thingsboard, strimzi-kafka-operator, logstash...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2024/11/19 9:15 a.m.14 views

CVE-2024-31141 vulnerabilities

Vulnerabilities for packages: prometheus-jmx-exporter, druid, apache-nifi, thingsboard, strimzi-kafka-operator, logstash...

6.5CVSS6.7AI score0.01129EPSS
Exploits0
Rows per page
Query Builder