Lucene search
K

102 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2020-28153

Malware in sbrugna...

4.8CVSS6.2AI score0.01085EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-17151

Malware in sbrugna...

4.9CVSS5AI score0.02138EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:54 a.m.20 views

BIT-KIBANA-2020-7016

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...

4.8CVSS5.5AI score0.01085EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:51 a.m.24 views

BIT-ELK-2020-7016

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...

4.8CVSS5.5AI score0.01085EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2023/09/15 6:54 p.m.66 views

Metasploit Weekly Wrap-Up

Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...

10CVSS9.8AI score0.99949EPSS
Exploits106
0day.today
0day.today
added 2023/09/11 12:0 a.m.365 views

Kibana Timelion Prototype Pollution Remote Code Execution Exploit

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...

10CVSS9.8AI score0.95338EPSS
Exploits12
Metasploit
Metasploit
added 2023/09/08 7:52 p.m.860 views

Kibana Timelion Prototype Pollution RCE

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This leads to an arbitrary command execution with permissions of the...

10CVSS8.6AI score0.95338EPSS
Exploits12
Packet Storm
Packet Storm
added 2023/09/08 12:0 a.m.669 views

Kibana Timelion Prototype Pollution Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Timelion Prototype Pollution RCE', 'Description' = %q Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in...

10CVSS7.1AI score0.95338EPSS
Exploits12
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.63 views

K54184111: Kibana vulnerability CVE-2019-7609

Security Advisory Description Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker...

10CVSS8.7AI score0.95338EPSS
Exploits12
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.6 views

SUSE CVE-2017-11479

Kibana versions prior to 5.6.1 had a cross-site scripting XSS vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS5.7AI score0.01071EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.5 views

SUSE CVE-2019-7609

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...

10CVSS9.7AI score0.95338EPSS
Exploits12References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.5 views

SUSE CVE-2019-7616

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery SSRF flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an...

4.9CVSS8.1AI score0.02138EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.1 views

SUSE CVE-2020-7016

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...

4.8CVSS8.1AI score0.01085EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.33 views

Kibana 5.0.0 < 5.6.1 Cross-Site Scripting

According to its self-reported version number, the Kibana application running on the remote host is 5.0.0 prior to 5.6.1. It is, therefore, affected by the following vulnerabilities: - A cross-site scripting XSS in Timelion that could allow an attacker to obtain sensitive information from or...

6.1CVSS6.2AI score0.01071EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/10 12:0 a.m.15 views

Kibana Arbitrary Code Execution

Kibana contain an arbitrary code execution flaw in the Timelion visualizer...

10CVSS4.3AI score0.95338EPSS
In wildExploits12
GithubExploit
GithubExploit
added 2021/08/24 4:38 a.m.120 views

Exploit for Code Injection in Elastic Kibana

CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain...

10CVSS8.6AI score0.95338EPSS
Exploits12
VulnCheck KEV
VulnCheck KEV
added 2021/05/07 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-7609

Kibana contain an arbitrary code execution flaw in the Timelion visualizer...

10CVSS7.6AI score0.95338EPSS
Exploits12References1
RedhatCVE
RedhatCVE
added 2020/08/04 5:13 a.m.29 views

CVE-2020-7016

A flaw was found in kibana’s Timelion component. This flaw allows an attacker to construct a URL that can lead to the kibana process consuming large amounts of CPU and becoming unresponsive when viewed by a kibana user. The highest threat from this vulnerability is to system availability...

2.1CVSS5.8AI score0.01085EPSS
Exploits0References5
Veracode
Veracode
added 2020/07/28 4:20 a.m.23 views

Denial Of Service (DoS)

kibana is vulnerable to denial of service DoS. The vulnerability exists as the timelion labels could be used to cause slowdowns when parsed through the RegExp object...

4.8CVSS5.5AI score0.01085EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/07/27 6:15 p.m.24 views

CVE-2020-7016

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive...

4.8CVSS6.5AI score0.01085EPSS
Exploits0References3
Rows per page
Query Builder