
10 matches found

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2019-17148

Malware in sbrugna...

CVSS 9.3 | AI score 8.9 | EPSS 0.01057
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2021-9288

Malicious code in bioql PyPI...

CVSS 3.6 | AI score 4.9 | EPSS 0.00049
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:45 a.m. | views: 1

SUSE CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...

CVSS 8.8 | AI score 8.7 | EPSS 0.00411
Exploits: 0 | References: 3

Cvelist
added 2021/05/13 5:35 p.m. | views: 20

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

AI score 4.1 | EPSS 0.00049
Exploits: 0 | References: 1

RedhatCVE
added 2021/03/25 3:23 p.m. | views: 26

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 4 | AI score 3.4 | EPSS 0.00049
Exploits: 0 | References: 4

Veracode
added 2019/07/08 4:20 p.m. | views: 28

Privilege Escalation

elasticsearch is vulnerable to privilege escalation. An attacker is able to gain additional permissions against a restricted index due to failure to perform certain permission checks when xpack.security.dlsfls.enabled is configured with false value in the elasticsearch.yml file...

CVSS 8.1 | AI score 7.9 | EPSS 0.00771
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2019/03/26 4:6 a.m. | views: 26

Arbitrary Code Execution

kibana is vulnerable to arbitrary code execution. The vulnerability exists due to a flaw which allows an attacker to send a malicious request to execute Javascript code since xpack.security.audit.enabled in the kibana.yml is set to true by default, leading to arbitrary code execution on the host...

CVSS 9 | AI score 9.5 | EPSS 0.01057
Exploits: 0 | References: 4 | Affected Software: 1

ArchLinux
added 2019/02/25 12:0 a.m. | views: 29

[ASA-201902-27] elasticsearch: privilege escalation

Arch Linux Security Advisory ASA-201902-27
==========================================

Severity: High
Date    : 2019-02-25
CVE-ID  : CVE-2019-7611
Package : elasticsearch
Type    : privilege escalation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-912

Summary
=======

The package elasticsearch...

CVSS 8.1 | AI score 1.3 | EPSS 0.00771
Exploits: 0 | References: 3

OSV
added 2018/03/30 8:29 p.m. | views: 3

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2017/06/05 2:29 p.m. | views: 0

CVE-2017-8441

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias...

CVSS 4.3 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 3