Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68388 | 1 Elasticsearch | 1 Packetbeat | 2025-12-23 | N/A | 5.3 MEDIUM |
| Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat. | |||||
| CVE-2025-68382 | 1 Elasticsearch | 1 Packetbeat | 2025-12-23 | N/A | 6.5 MEDIUM |
| Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages. | |||||
| CVE-2025-68381 | 1 Elasticsearch | 1 Packetbeat | 2025-12-23 | N/A | 6.5 MEDIUM |
| Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number. | |||||
| CVE-2017-11480 | 1 Elasticsearch | 1 Packetbeat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic. | |||||