Fluent Bit contains five vulnerabilities, including stack buffer overflow, auth bypass, and path traversal
Overview: Fluent Bit is a logging and metrics processor and forwarder that is used in a variety of cloud and container networking environments. Several vulnerabilities in Fluent Bit have been discovered that could allow for authentication bypass, remote code execution (RCE) and denial of service (DoS)...
EUVD-2022-5343
Malicious code in bioql PyPI...
EUVD-2022-2178
Malicious code in bioql PyPI...
EUVD-2022-51062
Malicious code in bioql PyPI...
CVE-2022-48363
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...
MAL-2024-2983 Malicious code in sapling-output-plugin (npm)
Source: ossf-package-analysis a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e The OpenSSF Package Analysis project identified 'sapling-output-plugin' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The...
Malicious code in sapling-output-plugin (npm)
Source: ossf-package-analysis a9881410b4e7132728272d0e75bae0fdd73429bc2b8a936a6e723a03d61efc7e The OpenSSF Package Analysis project identified 'sapling-output-plugin' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The...
Malicious Package
Overview: sapling-output-plugin is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
SUSE CVE-2015-4152
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...
PT-2022-36741 · Git +1 · Radare2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write crash. The crash state involves several functions: io memory read, r io plugin read, and r io desc...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...
JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability (CWE-79) - CVE-2021-20742

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | Base Score: 7.1
CVSS v2 |...
Dsiem - Security Event Correlation Engine For ELK Stack
Dsiem is a security event correlation engine for the ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookup/query to threat intelligence and vulnerability information sources, and...
CVE-2016-1000221
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...
CVE-2016-10362
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...
CVE-2016-10362
Summary: CVE-2016-10362 affects Logstash prior to 5.0.1, where the Elasticsearch Output plugin could log HTTP basic auth credentials to a file when updating connections after sniffing. This is an information disclosure vulnerability affecting the plugin behavior in Logstash’s core workflow. Impac...
Logstash Logs Sensitive Information
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...