splunk

284 tracked vulnerabilities.

CVE-2023-22934 HIGH
Splunk Enterprise < 8.1.13, 8.2.10, 9.0.4 & Splunk Cloud < 9.0.2209.3 - Authenticated SPL Bypass via Pivot
Feb 14, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-22933 HIGH
Splunk Enterprise < 8.1.13, < 8.2.10, < 9.0.4 - Cross-Site Scripting via XML View layoutPanel Attribute
Feb 14, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-22932 HIGH
Splunk 9.0.0-9.0.3 - Cross-Site Scripting via Base64-Encoded Image Error Message
Feb 14, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-22931 MEDIUM
Splunk Enterprise < 8.1.13 and 8.2.10 - Improper Authorization in RSS Feed Creation
Feb 14, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-43552 MEDIUM
curl < 7.87.0 - Use-After-Free in HTTP Proxy Tunnel Shutdown
Feb 09, 2023
CVSS 5.9
EPSS 0.03
CVE-2022-43551 HIGH
curl < 7.87.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Dec 23, 2022
CVSS 7.5
EPSS 0.17
CVE-2022-35260 MEDIUM
curl 7.84.0-7.85.0 - Out-of-bounds Read in .netrc Parser
Dec 05, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-32221 CRITICAL
curl - Exposure of Sensitive Information via Reused Handle Logic
Dec 05, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-36227 CRITICAL
libarchive <3.6.2 - Memory Corruption
Nov 22, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-43572 HIGH
Splunk Enterprise <8.2.9-9.0.2 - DoS
Nov 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-43570 HIGH
Splunk Enterprise <8.1.12-9.0.2 - XML External Entity Injection
Nov 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-43569 HIGH
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-43568 HIGH
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 8.8
EPSS 0.43
CVE-2022-43567 HIGH
Splunk Enterprise <8.2.9-9.0.2 - Command Injection
Nov 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-43566 HIGH
Splunk Enterprise <8.2.9, <8.1.12, <9.0.2 - Privilege Escalation
Nov 04, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-43565 HIGH
Splunk Enterprise <8.2.9, 8.1.12 - CSRF
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-43564 MEDIUM
Splunk Enterprise <8.1.12-9.0.2 - DoS
Nov 04, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-43563 HIGH
Splunk Enterprise <8.2.9, 8.1.12 - Auth Bypass
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-43562 LOW
Splunk Enterprise <8.1.12-9.0.2 - XSS
Nov 04, 2022
CVSS 3.0
EPSS 0.00
CVE-2022-43571 HIGH
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
Nov 03, 2022
CVSS 8.8
EPSS 0.14
CVE-2022-43561 MEDIUM
Splunk Enterprise <8.1.12, 8.2.9, 9.0.2 - XSS
Nov 03, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-42915 HIGH
curl 7.77.0-7.85.0 - Double Free via HTTP Proxy CONNECT Error Handling
Oct 29, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-42916 HIGH
curl 7.77.0-7.85.0 - Cleartext Transmission of Sensitive Information via IDN Character Bypass
Oct 29, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-35252 LOW
curl < 7.85.0 - Denial of Service via Cookie Control Code Injection
Sep 23, 2022
CVSS 3.7
EPSS 0.02
CVE-2022-37439 MEDIUM
Splunk Enterprise and Universal Forwarder 8.1.0-8.1.10 - Denial of Service via Malformed ZIP File
Aug 16, 2022
CVSS 5.5
EPSS 0.00