Skip to main content

Fluentd

3 CVEs product

Monthly

CVE-2022-39379 Ruby CRITICAL PATCH Act Now

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluentd Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
44.7%
CVE-2021-41186 Ruby HIGH PATCH This Week

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Fluentd
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2017-10906 Ruby CRITICAL PATCH Act Now

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Fluentd Openstack
NVD GitHub
CVSS 3.0
9.8
EPSS
4.7%
EPSS 45% CVSS 9.8
CRITICAL PATCH Act Now

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluentd +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Fluentd
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Fluentd Openstack
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy