- EPSS 0.01%
- Veröffentlicht 30.07.2025 00:15:43
- Zuletzt bearbeitet 31.07.2025 18:42:37
An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit thi...
CVE-2023-49922
- EPSS 0.44%
- Veröffentlicht 12.12.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:34:00
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the natu...
CVE-2023-31421
- EPSS 0.09%
- Veröffentlicht 26.10.2023 04:15:16
- Zuletzt bearbeitet 21.11.2024 08:01:49
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More...