Max CVSS 10.0 Min CVSS 2.1 Total Count 2
ID CVSS Summary Last (major) update Published
CVE-2019-7609 10.0
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly le
24-07-2024 - 16:58 25-03-2019 - 19:29
CVE-2020-7010 5.0
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the
10-02-2024 - 03:00 03-06-2020 - 18:15
CVE-2019-7616 4.0
Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an
03-03-2023 - 19:17 30-07-2019 - 22:15
CVE-2019-7614 4.3
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 return to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header co
03-03-2023 - 19:17 30-07-2019 - 22:15
CVE-2019-7615 5.8
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by th
03-03-2023 - 17:48 30-07-2019 - 22:15
CVE-2020-7016 2.1
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
16-11-2022 - 03:54 27-07-2020 - 18:15
CVE-2020-7017 4.6
In Kibana versions before 6.8.11 and 7.8.1, the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of
07-10-2022 - 17:56 27-07-2020 - 18:15
CVE-2019-7611 6.8
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.securi
19-10-2020 - 18:10 25-03-2019 - 19:29
CVE-2019-7613 5.0
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
06-10-2020 - 13:18 25-03-2019 - 19:29
CVE-2019-7612 5.0
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as p
05-10-2020 - 20:38 25-03-2019 - 19:29
CVE-2020-7013 6.5
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead t
26-06-2020 - 18:55 03-06-2020 - 18:15
CVE-2020-7014 6.5
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able
19-06-2020 - 11:15 03-06-2020 - 18:15
CVE-2020-7015 3.5
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could obtain sensitive information from, or perform destructive actions,
05-06-2020 - 18:48 03-06-2020 - 18:15
CVE-2020-7012 6.5
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code.
05-06-2020 - 18:36 03-06-2020 - 18:15
CVE-2020-7011 4.3
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is abl
05-06-2020 - 18:11 03-06-2020 - 18:15
CVE-2020-7009 6.5
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API ke
09-04-2020 - 14:58 31-03-2020 - 19:15
CVE-2019-7621 3.5
Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another
10-02-2020 - 21:53 18-12-2019 - 20:15
CVE-2019-7617 6.4
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of t
09-10-2019 - 23:52 22-08-2019 - 17:15
CVE-2019-7608 4.3
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
27-09-2019 - 05:15 25-03-2019 - 19:29
CVE-2019-7610 9.3
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascrip
30-07-2019 - 22:15 25-03-2019 - 19:29