Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2015-5377
- EPSS 39.77%
- Published 06.03.2018 20:29:00
- Last modified 21.11.2024 02:32:54
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
9.8
CVE-2015-1427
- EPSS 92.88%
- Published 17.02.2015 15:59:04
- Last modified 12.04.2025 10:46:40
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.