Lucene search
K

217 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/31 4:15 a.m.4 views

CVE-2023-46356

In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...

9.8CVSS5.9AI score0.00636EPSS
Exploits1References2
Veracode
Veracode
added 2023/10/30 11:49 a.m.133 views

Denial Of Service (DoS)

elasticsearch is vulnerable to Denial of service attack. The vulnerability is due to the search API which allows specially crafted query strings to cause a stack overflow...

7.5CVSS6.9AI score0.60679EPSS
Exploits4References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/26 6:30 p.m.79 views

Elasticsearch vulnerable to stack overflow in the search API

A flaw was discovered in Elasticsearch affecting the search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service...

7.5CVSS7.4AI score0.60679EPSS
Exploits4References5Affected Software1
OSV
OSV
added 2023/10/26 6:15 p.m.3 views

UBUNTU-CVE-2023-31419

A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...

7.5CVSS6.7AI score0.60679EPSS
Exploits4References4
CNNVD
CNNVD
added 2023/09/24 12:0 a.m.4 views

Elasticsearch Buffer Error Vulnerability

Elasticsearch is a search engine based on the Lucene library. Elasticsearch suffers from a buffer error vulnerability that stems from the search API allowing specially crafted query strings to cause a stack overflow and ultimately a denial of service...

7.5CVSS7.1AI score0.60679EPSS
Exploits4References6
Elastic
Elastic
added 2023/09/18 8:40 p.m.6 views

Elasticsearch 8.9.1 / 7.17.13 Security Update

Elasticsearch StackOverflow vulnerability ESA-2023-14 A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Affected Versions: Elasticsearch versions from 7.0.0 to 7.17.12 and fr...

7.5CVSS7.4AI score0.60679EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2023/09/15 1:15 a.m.4 views

CVE-2023-39643

Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...

9.8CVSS5.8AI score0.00666EPSS
Exploits1References3
OSV
OSV
added 2023/09/15 1:15 a.m.5 views

CVE-2023-39643

Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...

9.8CVSS5.8AI score0.00666EPSS
Exploits1References2
OSV
OSV
added 2023/07/20 12:30 a.m.15 views

GHSA-V5FM-HR72-27HX Nomad Search API Leaks Information About CSI Plugins

A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...

5.3CVSS5.1AI score0.0047EPSS
Exploits0References5
NVD
NVD
added 2023/07/20 12:15 a.m.25 views

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5.3CVSS5.2AI score0.0047EPSS
Exploits0References1
OSV
OSV
added 2023/07/20 12:15 a.m.3 views

UBUNTU-CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5.3CVSS5.7AI score0.0047EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/07/20 12:15 a.m.23 views

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5.3CVSS6AI score0.0047EPSS
Exploits0References2
Prion
Prion
added 2023/07/20 12:15 a.m.22 views

Denial of service

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5CVSS5.2AI score0.0047EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/19 11:35 p.m.2516 views

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise expose a vulnerability (CVE-2023-3300) where the HTTP search API can reveal names of available CSI plugins to unauthenticated users or those without the plugin:read policy. Affected versions are Nomad/Nomad Enterprise 0.11.0 through 1.5.6 and 1.4.1. The issue ...

5.3CVSS5.2AI score0.0047EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/19 11:35 p.m.13 views

CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5.3CVSS6.8AI score0.0047EPSS
Exploits0References1
OSV
OSV
added 2023/07/19 11:35 p.m.12 views

CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

5.3CVSS6.1AI score0.0047EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/07/19 11:35 p.m.50 views

CVE-2023-3300

Removed by vendor...

5.3CVSS5.4AI score0.0047EPSS
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/19 11:19 p.m.8 views

Nomad Search API Leaks Information About CSI Plugins

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0...

5.3CVSS6.2AI score0.0047EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.3 views

PT-2023-24131 · Hashicorp +1 · Hashicorp Nomad +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.11.0 through 1.5.6 HashiCorp Nomad and Nomad Enterprise version 1.4.1 Description: A vulnerability in the HTTP search API can reveal names of available CSI plugins to unauthenticated users or...

5.3CVSS5.1AI score0.0047EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2023/04/27 5:9 p.m.42 views

SQL Injection in Admin Search Find API

Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

8.8CVSS7.6AI score0.00724EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder