Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of index rollover requests when an explicit target index name is provided. An attacker can create a new index with an unauthorized name by exploiting insufficient access control checks on the targ...

EUVD-2014-0155

Malware in sbrugna...

Code injection

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...

SUSE CVE-2014-0062

Race condition in the 1 CREATE INDEX and 2 unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...

UBUNTU-CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...