splunk

272 tracked vulnerabilities.

CVE-2022-32153 HIGH
Splunk Enterprise <9.0-8.2.2203 - Privilege Escalation
Jun 15, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-32152 HIGH
Splunk Enterprise < 9.0 & Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-32151 HIGH
Splunk < 9.0 and Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-30115 MEDIUM
curl 7.82.0-7.83.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Jun 02, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-27782 HIGH
curl < 7.83.1 - Improper Certificate Validation
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27781 HIGH
curl < 7.83.1 - Denial of Service via Malicious Server Certificate Chain
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27780 HIGH
curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27779 MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
Jun 02, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-27778 HIGH
cURL - Use of Incorrectly Resolved Name
Jun 02, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-27776 MEDIUM
curl < 7.83.0 - Credential Leak via HTTP Redirect to Different Port
Jun 02, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-27775 HIGH
curl 7.65.0-7.82.0 - Information Disclosure via IPv6 Connection Reuse
Jun 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27774 MEDIUM
curl 4.9-7.82.0 - Credential Leak via HTTP Redirect
Jun 02, 2022
CVSS 5.7
EPSS 0.00
CVE-2022-22576 HIGH
curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse
May 26, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-27183 HIGH
Splunk 8.1.0-8.1.4 - Reflected Cross-Site Scripting in Monitoring Console Query Parameter
May 06, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-26889 HIGH
Splunk Enterprise <8.1.2 - Path Traversal
May 06, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-26070 MEDIUM
Splunk Enterprise <8.1.0 - Info Disclosure
May 06, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-31566 HIGH
libarchive < 3.5.2 - Improper Link Resolution Before File Access
Aug 23, 2022
CVSS 7.8
EPSS 0.00
CVE-2021-42743 HIGH
Splunk < 8.1.1 - Local Privilege Escalation via Node Default Path Misconfiguration
May 06, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-33845 MEDIUM
Splunk 8.1.0-8.1.7 - Username Enumeration via Lockout Error Message
May 06, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-31559 HIGH
Splunk Enterprise Indexer <8.1.5, <8.2.1 - Auth Bypass
May 06, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-26253 HIGH
Splunk 8.1.0-8.1.6 - Unauthenticated MFA Bypass via DUO Implementation
May 06, 2022
CVSS 8.1
EPSS 0.00
CVE-2021-3422 HIGH
Splunk < 7.3.9, 8.0 < 8.0.9, 8.1 < 8.1.3 - Denial of Service via Splunk-to-Splunk Protocol Key-Value Field
Mar 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-22947 MEDIUM
curl >=7.20.0 <=7.78.0 - Info Disclosure
Sep 29, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-22946 HIGH
curl >=7.20.0-7.78.0 - Info Disclosure
Sep 29, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-22945 CRITICAL
libcurl <= 7.73.0, 7.78.0 - Use After Free
Sep 23, 2021
CVSS 9.1
EPSS 0.00
Products
splunk 192 splunk_cloud_platform 98 universal_forwarder 61 cloud 9 Splunk Enterprise 7 Splunk Cloud Platform 5 splunk_secure_gateway 4 add-on_builder 3 splunk_app_for_lookup_file_editing 3 Splunk MCP Server 2 Splunk Secure Gateway 2 enterprise_security 2 Splunk AI Toolkit 1 Splunk Add-on for Palo Alto Networks 1 Splunk App for SOAR 1 Splunk Supporting Add-on for Active Directory 1 cloudconnect_software_development_kit 1 hadoop_connect 1 it_service_intelligence 1 nozzle 1 soar 1 software_development_kit 1 splunk_app_for_stream 1
Quick Filters
Critical CVEs With Exploits In CISA KEV