61 matches found
EUVD-2021-0675
Malware in sbrugna...
EUVD-2021-1442
Malware in sbrugna...
EUVD-2021-0657
Malware in sbrugna...
EUVD-2022-4199
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly...
Linux Distros Unpatched Vulnerability : CVE-2021-22137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not...
Linux Distros Unpatched Vulnerability : CVE-2021-22135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and...
Linux Distros Unpatched Vulnerability : CVE-2021-22134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not...
BIT-ELASTICSEARCH-2021-22134
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...
BIT-ELASTICSEARCH-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
BIT-ELASTICSEARCH-2021-22137
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
SUSE CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
SUSE CVE-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
elasticsearch: Document disclosure flaw when Document or Field Level Security is used
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.7 security update
Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whic...
elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the...
CVE-2021-22135
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion//en.xml and similar pathnames for other languages, which contain all characters typed by all users, including the content of private...
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
...