MAL-2026-3350 Malicious code in @rivianlabs/dt-lib-lumberjack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf3a31f76f8c2e22a2792aee30736347d17fe5872cb69c7edaecc7728aa6190 The package @rivianlabs/dt-lib-lumberjack was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @rivianlabs/dt-lib-lumberjack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf3a31f76f8c2e22a2792aee30736347d17fe5872cb69c7edaecc7728aa6190 The package @rivianlabs/dt-lib-lumberjack was found to contain malicious code. Source: ossf-package-analysis...

MAL-2024-2642 Malicious code in lumberjack (npm)

False positive caused by problematic ingestion. --- -= Per source details. Do not edit below this line.=-...

Critical ‘Linguistic Lumberjack’ Flaw in Fluent Bit Hits Major Cloud Providers

...

Fluent Bit Tool Vulnerability Threatens Billions of Cloud Deployments

By Deeba Ahmed "Linguistic Lumberjack" Threatens Data Breaches CVE-2024-4323. Patch now to shield your cloud services from information disclosure, denial-of-service, or even remote takeover. This is a post from HackRead.com Read the original post: Fluent Bit Tool Vulnerability Threatens Billions ...

MAL-2023-71 Malicious code in @xivart/lumberjack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f203711f501c596ad42c4dc9e33cff6c6c3bb192e0859082482ae737bdbb77c Invalid Advisory This advisory has been withdrawn as the ownership has been transferred to a valid owner organization. This link is maintained to preserv...

addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)

lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:GHSA-W47J-HQPF-QW9W...

Elastic Logstash 'CVE-2015-5619' Man in the Middle Security Bypass Vulnerability - Linux

Elastic Logstash is prone to a security bypass vulnerability. This VT has been deprecated and merged into the VT VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Elastic Logstash 'CVE-2015-5619' Man in the Middle Security Bypass Vulnerability

Elastic Logstash is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:logstash";...

Elastic Logstash 'CVE-2015-5378' Man in the Middle Security Bypass Vulnerability - Linux

Elastic Logstash is prone to a security bypass vulnerability. This VT has been deprecated and merged into the VT VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Elastic Logstash 'CVE-2015-5378' Man in the Middle Security Bypass Vulnerability

Elastic Logstash is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:logstash";...

CVE-2015-5619

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack...

Lightweight Lumberjack Log Indexer: LogZoom

LogZoom is a lightweight, Lumberjack-compliant log indexer based off the fine work of Hailo’s Logslam . It accepts the Lumberjack v2 protocol, which is currently supported by Elastic’s Filebeat . It was written with the intention of being a smaller, efficient, and more reliable replacement for...

Logstash vulnerability CVE-2015-5619

Summary: Logstash 1.5.3 and prior versions are vulnerable to a SSL/TLS security issue which allows an attacker to successfully implement a man in the middle attack. This vulnerability is not present in the initial installation of Logstash. This insecurity is exposed when users configure Lumberjac...

Logstash: Man-In-The Middle attack

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack...

FreeBSD : logstash -- SSL/TLS vulnerability with Lumberjack input (c470bcc7-33fe-11e5-a4a5-002590263bf5)

Elastic reports : Vulnerability Summary: All Logstash versions prior to 1.5.2 that use Lumberjack input in combination with Logstash Forwarder agent are vulnerable to a SSL/TLS security issue called the FREAK attack. This allows an attacker to intercept communication and access secure data. Users...

Logstash vulnerability CVE-2015-5378

Summary: Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and...

logstash -- SSL/TLS vulnerability with Lumberjack input

Elastic reports: Vulnerability Summary: All Logstash versions prior to 1.5.2 that use Lumberjack input in combination with Logstash Forwarder agent are vulnerable to a SSL/TLS security issue called the FREAK attack. This allows an attacker to intercept communication and access secure data. Users...

Logstash SSL/TLS FREAK Vulnerability CVE-2015-5378

Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and Logstash...

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...