splunk
284 tracked vulnerabilities.
CVE-2023-22934
HIGH
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 & Splunk Cloud < 9.0.2209.3 - Authenticated SPL Bypass via Pivot
Feb 14, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-22933
HIGH
Splunk Enterprise < 8.1.13, < 8.2.10, < 9.0.4 - Cross-Site Scripting via XML View layoutPanel Attribute
Feb 14, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-22932
HIGH
Splunk 9.0.0-9.0.3 - Cross-Site Scripting via Base64-Encoded Image Error Message
Feb 14, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-22931
MEDIUM
Splunk Enterprise < 8.1.13 and 8.2.10 - Improper Authorization in RSS Feed Creation
Feb 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-43552
MEDIUM
curl < 7.87.0 - Use-After-Free in HTTP Proxy Tunnel Shutdown
Feb 09, 2023
CVSS 5.9
EPSS 0.03
CVE-2022-43551
HIGH
curl < 7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Dec 23, 2022
CVSS 7.5
EPSS 0.17
CVE-2022-35260
MEDIUM
curl 7.84.0-7.85.0 - Out-of-bounds Read in .netrc Parser
Dec 05, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-32221
CRITICAL
curl - Exposure of Sensitive Information via Reused Handle Logic
Dec 05, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-36227
CRITICAL
libarchive <3.6.2 - Memory Corruption
Nov 22, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-43572
HIGH
Splunk Enterprise <8.2.9-9.0.2 - DoS
Nov 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-43570
HIGH
Splunk Enterprise <8.1.12-9.0.2 - XML External Entity Injection
Nov 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-43569
HIGH
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-43568
HIGH
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 8.8
EPSS 0.43
CVE-2022-43567
HIGH
Splunk Enterprise <8.2.9-9.0.2 - Command Injection
Nov 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-43566
HIGH
Splunk Enterprise <8.2.9, <8.1.12, <9.0.2 - Privilege Escalation
Nov 04, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-43565
HIGH
Splunk Enterprise <8.2.9, 8.1.12 - CSRF
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-43564
MEDIUM
Splunk Enterprise <8.1.12-9.0.2 - DoS
Nov 04, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-43563
HIGH
Splunk Enterprise <8.2.9, 8.1.12 - Auth Bypass
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-43562
LOW
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 3.0
EPSS 0.00
CVE-2022-43571
HIGH
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
Nov 03, 2022
CVSS 8.8
EPSS 0.14
CVE-2022-43561
MEDIUM
Splunk Enterprise <8.1.12, 8.2.9, 9.0.2 - XSS
Nov 03, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-42915
HIGH
curl 7.77.0-7.85.0 - Double Free via HTTP Proxy CONNECT Error Handling
Oct 29, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-42916
HIGH
curl 7.77.0-7.85.0 - Cleartext Transmission of Sensitive Information via IDN Character Bypass
Oct 29, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-35252
LOW
curl < 7.85.0 - Denial of Service via Cookie Control Code Injection
Sep 23, 2022
CVSS 3.7
EPSS 0.02
CVE-2022-37439
MEDIUM
Splunk Enterprise and Universal Forwarder 8.1.0-8.1.10 - Denial of Service via Malformed ZIP File
Aug 16, 2022
CVSS 5.5
EPSS 0.00
Products
splunk 201
splunk_cloud_platform 106
universal_forwarder 61
Splunk Enterprise 16
Splunk Cloud Platform 14
cloud 9
splunk_secure_gateway 5
Splunk AI Toolkit 3
Splunk Secure Gateway 3
add-on_builder 3
ai_toolkit 3
splunk_app_for_lookup_file_editing 3
Splunk MCP Server 2
enterprise_security 2
Splunk Add-on for Palo Alto Networks 1
Splunk App for SOAR 1
Splunk SOAR 1
Splunk Supporting Add-on for Active Directory 1
cloudconnect_software_development_kit 1
hadoop_connect 1
it_service_intelligence 1
nozzle 1
soar 1
software_development_kit 1
splunk_app_for_stream 1
Quick Filters