splunk
284 tracked vulnerabilities.
CVE-2022-37438
LOW
Splunk Enterprise 8.1.0-8.1.10 & Splunk Cloud <8.2.2203.4 Authenticated Info Exposure
Aug 16, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-37437
HIGH
Splunk 9.0.0 - Improper Certificate Validation in Ingest Actions S3 Destination
Aug 16, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-35737
HIGH
SQLite 1.0.12-3.39.x - Array Index Overflow via String Argument to C API
Aug 03, 2022
CVSS 7.5
EPSS 0.18
CVE-2022-32208
MEDIUM
curl 7.16.4-7.83.1 - Man-In-The-Middle Attack via FTP KRB5 Message Verification Failure
Jul 07, 2022
CVSS 5.9
EPSS 0.07
CVE-2022-32207
CRITICAL
curl 7.69.0-7.83.1 - Unauthenticated File Permission Overwrite via Atomic Rename
Jul 07, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-32206
MEDIUM
curl < 7.84.0 - Denial of Service via Unbounded HTTP Compression Chain
Jul 07, 2022
CVSS 6.5
EPSS 0.32
CVE-2022-32205
MEDIUM
curl 7.71.0-7.84.0 - Denial of Service via Excessive Set-Cookie Headers
Jul 07, 2022
CVSS 4.3
EPSS 0.27
CVE-2022-32158
CRITICAL
Splunk < 9.0 - Unauthenticated Arbitrary Code Execution via Deployment Server
Jun 15, 2022
CVSS 9.0
EPSS 0.01
CVE-2022-32157
HIGH
Splunk < 9.0 - Unauthenticated Forwarder Bundle Download
Jun 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32156
HIGH
Splunk Enterprise and Universal Forwarder < 9.0 - Improper Certificate Validation in CLI
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32155
HIGH
Splunk < 9.0 - Unauthenticated Remote Management Services Exposure
Jun 15, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32154
MEDIUM
Splunk < 9.0 - SPL Safeguard Bypass via Form Token Injection
Jun 15, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-32153
HIGH
Splunk Enterprise <9.0-8.2.2203 - Privilege Escalation
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32152
HIGH
Splunk Enterprise < 9.0 & Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32151
HIGH
Splunk < 9.0 and Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-30115
MEDIUM
curl 7.82.0-7.83.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Jun 02, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-27782
HIGH
curl < 7.83.1 - Improper Certificate Validation
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27781
HIGH
curl < 7.83.1 - Denial of Service via Malicious Server Certificate Chain
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27780
HIGH
curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27779
MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
Jun 02, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-27778
HIGH
cURL - Use of Incorrectly Resolved Name
Jun 02, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-27776
MEDIUM
curl < 7.83.0 - Credential Leak via HTTP Redirect to Different Port
Jun 02, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-27775
HIGH
curl 7.65.0-7.82.0 - Information Disclosure via IPv6 Connection Reuse
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27774
MEDIUM
curl 4.9-7.82.0 - Credential Leak via HTTP Redirect
Jun 02, 2022
CVSS 5.7
EPSS 0.02
CVE-2022-22576
HIGH
curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse
May 26, 2022
CVSS 8.1
EPSS 0.02
Products
splunk 201
splunk_cloud_platform 106
universal_forwarder 61
Splunk Enterprise 16
Splunk Cloud Platform 14
cloud 9
splunk_secure_gateway 5
Splunk AI Toolkit 3
Splunk Secure Gateway 3
add-on_builder 3
ai_toolkit 3
splunk_app_for_lookup_file_editing 3
Splunk MCP Server 2
enterprise_security 2
Splunk Add-on for Palo Alto Networks 1
Splunk App for SOAR 1
Splunk SOAR 1
Splunk Supporting Add-on for Active Directory 1
cloudconnect_software_development_kit 1
hadoop_connect 1
it_service_intelligence 1
nozzle 1
soar 1
software_development_kit 1
splunk_app_for_stream 1
Quick Filters