SUSE CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

Elastic Beats filebeat 7.0.x < 8.19.9 / 9.0.x < 9.1.9 / 9.2.x 9.2.3 Multiple Vulnerabilities

The version of Elastic Beats filebeat installed on the remote host is 7.0.x prior to 8.19.9, 9.0.x prior to 9.1.9, 9.2.x prior to 9.2.3. It is, therefore, affected by multiple vulnerabilities. - Improper Bounds Check CWE-787 in Packetbeat can allow a remote unauthenticated attacker to exploit a...

EUVD-2025-204418

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration...

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

GHSA-2MJ3-6GRC-PX38 Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

CVE-2025-68383

CVE-2025-68383 affects Filebeat Syslog parser and the Libbeat Dissect processor. A malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration can trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process. Exploitation det...

CVE-2025-68383 Filebeat Improper Validation of Specified Index, Position, or Offset in Input

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

CVE-2025-68383 Filebeat Improper Validation of Specified Index, Position, or Offset in Input

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

Filebeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-32)

Filebeat Improper Validation of Specified Index, Position, or Offset in Input ESA-2025-32 Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a...

Elastic Filebeat 安全漏洞

Elastic Filebeat is a lightweight data probe for forwarding and centralizing log data from Elastic Netherlands. A security vulnerability exists in Elastic Filebeat that stems from improper input validation and could lead to a buffer overflow and denial of service...

PT-2025-52365

Name of the Vulnerable Software and Affected Versions Filebeat affected versions not specified Libbeat affected versions not specified Description A flaw exists in the Syslog parser within Filebeat and the Dissect processor in Libbeat that allows for improper validation of input indexes, position...

EUVD-2023-35724

Malicious code in bioql PyPI...

Elastic Beats Filebeat Installed (Windows)

Binary data elasticbeatsfilebeatwininstalled.nbin...

Elastic Beats filebeat < 9.1.0 Privilege Escalation

The version of Elastic Beats filebeat installed on the remote host is prior to 9.1.0. It is, therefore, affected by a vulnerability. An uncontrolled search path element vulnerability can lead to local privilege Escalation LPE via Insecure Directory Permissions. The vulnerability arises from...

CVE-2023-31413

Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled...

The vulnerability of the Elastick Stack Filebeat software, which logs log messages, is related to errors in input data in the httpjson format. As a result, the content of the http-request headers for Authorization or Proxy-Authorization may be logged in the debugging logs, allowing an intruder to access confidential information.

The vulnerability of the Elastick Stack Filebeat software for logging records is related to errors in the httpjson input data. As a result, the content of the http-request headers Authorization or Proxy-Authorization may be logged in the debugging logs. Exploiting this vulnerability can allow an...

ROS-20240726-08

Vulnerability in the httpjson component of Elastick Stack Filebeat is due to a bug in the input data of the httpjson, because of which the contents of the Authorization or Proxy-Authorization http-request header may into the debug logs. Exploitation of the vulnerability could allow an attacker...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: spire-server, bank-vaults, terragrunt, secrets-store-csi-driver-provider-azure, goreleaser, k8sgpt, buildkitd, flux-kustomize-controller, up, cosign, policy-controller, ksops, trino, thanos, opentelemetry-collector, sops, tempo, velero, rekor, cluster-autoscaler,...