splunk

284 tracked vulnerabilities.

CVE-2023-32712 HIGH
Splunk Enterprise <9.1.0.2, <9.0.5.1, <8.2.11.2 - Code Injection
Jun 01, 2023
CVSS 8.6
EPSS 0.00
CVE-2023-32711 MEDIUM
Splunk 8.1.0-8.1.13 - Stored Cross-Site Scripting via Bootstrap Framework
Jun 01, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-32710 MEDIUM
Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 & Splunk Cloud <9.0.2303.100 - Unauthorized Data Exposure
Jun 01, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-32709 MEDIUM
Splunk < 9.0.5, 8.2.11, 8.1.14 & Splunk Cloud < 9.0.2303.100 - Unauthorized Access to Hashed Credentials
Jun 01, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-32708 HIGH
Splunk Enterprise < 9.0.5, < 8.2.11, < 8.1.14 and Splunk Cloud Platform < 9.0.2303.100 - HTTP Response Splitting
Jun 01, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-32707 HIGH
Splunk Enterprise <9.0.5 - Privilege Escalation
Jun 01, 2023
CVSS 8.8
EPSS 0.74
CVE-2023-32706 HIGH
Splunk < 9.0.5, 8.2.11, 8.1.14 - Unauthenticated Denial of Service via SAML XML Parser
Jun 01, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-27538 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via SSH Connection Reuse
Mar 30, 2023
CVSS 5.5
EPSS 0.01
CVE-2023-27537 MEDIUM
libcurl < 8.0.0 - Double Free via HSTS Data Sharing
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27536 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27535 MEDIUM
libcurl < 8.0.0 - Authentication Bypass via FTP Connection Reuse
Mar 30, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-27534 HIGH
curl < 8.0.0 - Path Traversal via SFTP Tilde Character Handling
Mar 30, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-27533 HIGH
curl < 8.0 - Remote Code Execution via TELNET Protocol Input Validation
Mar 30, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-23916 MEDIUM
curl 7.57.0-7.87.0 - Denial of Service via HTTP Compression Header Chain
Feb 23, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-23915 MEDIUM
curl 7.77.0-7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Cache Overwrite
Feb 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-23914 CRITICAL
curl < 7.88.0 - Cleartext Transmission of Sensitive Information via HSTS State Mismanagement
Feb 23, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-22943 MEDIUM
Splunk AoB <4.1.2 & Splunk CloudConnect SDK <3.1.3 - Info Disclosure
Feb 14, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-22942 MEDIUM
Splunk 8.1.0-8.1.12 - Cross-Site Request Forgery in Splunk Secure Gateway KV Store Endpoint
Feb 14, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-22941 MEDIUM
Splunk Enterprise <8.1.13, 8.2.10, 9.0.4 - DoS
Feb 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22940 MEDIUM
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Unauthorized Data Exposure via SPL Command Aliases
Feb 14, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-22939 HIGH
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Authenticated SPL Safeguard Bypass via Map Command
Feb 14, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-22938 MEDIUM
Splunk Enterprise < 8.1.13, < 8.2.10, < 9.0.4 - Authenticated Email Spoofing via sendemail REST Endpoint
Feb 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-22937 MEDIUM
Splunk < 8.1.13 - Improper Input Validation
Feb 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-22936 MEDIUM
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 & Splunk Cloud < 9.0.2209.3 - SSRF via search_listener
Feb 14, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-22935 HIGH
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 - Authenticated SPL Safeguard Bypass via Search Parameter
Feb 14, 2023
CVSS 8.1
EPSS 0.01