|
265921
|
7.5 |
HIGH
Network
|
elastic
|
logstash
|
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Log…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2016-10363
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265922
|
6.5 |
MEDIUM
Network
|
elasticsearch
|
output_plugin
|
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
|
CWE-200
Information Exposure
|
CVE-2016-10362
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265923
|
7.5 |
HIGH
Network
|
elastic
|
logstash
|
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
|
CWE-88
Argument Injection
|
CVE-2016-1000222
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265924
|
7.5 |
HIGH
Network
|
elastic
|
logstash
|
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2016-1000221
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265925
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000220
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265926
|
7.5 |
HIGH
Network
|
elastic
|
kibana
|
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack session…
|
CWE-285
Improper Authorization
|
CVE-2016-1000219
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265927
|
8.8 |
HIGH
Network
|
elastic
|
kibana_reporting
|
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially…
|
CWE-352
Origin Validation Error
|
CVE-2016-1000218
|
2024-11-21 11:43 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265928
|
7.8 |
HIGH
Local
|
flexerasoftware
|
flexnet_publisher
|
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licen…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10395
|
2024-11-21 11:43 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265929
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10342
|
2024-11-21 11:43 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265930
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10341
|
2024-11-21 11:43 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
