splunk

284 tracked vulnerabilities.

CVE-2022-37438 LOW
Splunk Enterprise 8.1.0-8.1.10 & Splunk Cloud <8.2.2203.4 Authenticated Info Exposure
Aug 16, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-37437 HIGH
Splunk 9.0.0 - Improper Certificate Validation in Ingest Actions S3 Destination
Aug 16, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-35737 HIGH
SQLite 1.0.12-3.39.x - Array Index Overflow via String Argument to C API
Aug 03, 2022
CVSS 7.5
EPSS 0.18
CVE-2022-32208 MEDIUM
curl 7.16.4-7.83.1 - Man-In-The-Middle Attack via FTP KRB5 Message Verification Failure
Jul 07, 2022
CVSS 5.9
EPSS 0.07
CVE-2022-32207 CRITICAL
curl 7.69.0-7.83.1 - Unauthenticated File Permission Overwrite via Atomic Rename
Jul 07, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-32206 MEDIUM
curl < 7.84.0 - Denial of Service via Unbounded HTTP Compression Chain
Jul 07, 2022
CVSS 6.5
EPSS 0.32
CVE-2022-32205 MEDIUM
curl 7.71.0-7.84.0 - Denial of Service via Excessive Set-Cookie Headers
Jul 07, 2022
CVSS 4.3
EPSS 0.27
CVE-2022-32158 CRITICAL
Splunk < 9.0 - Unauthenticated Arbitrary Code Execution via Deployment Server
Jun 15, 2022
CVSS 9.0
EPSS 0.01
CVE-2022-32157 HIGH
Splunk < 9.0 - Unauthenticated Forwarder Bundle Download
Jun 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32156 HIGH
Splunk Enterprise and Universal Forwarder < 9.0 - Improper Certificate Validation in CLI
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32155 HIGH
Splunk < 9.0 - Unauthenticated Remote Management Services Exposure
Jun 15, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-32154 MEDIUM
Splunk < 9.0 - SPL Safeguard Bypass via Form Token Injection
Jun 15, 2022
CVSS 6.8
EPSS 0.01
CVE-2022-32153 HIGH
Splunk Enterprise <9.0-8.2.2203 - Privilege Escalation
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32152 HIGH
Splunk Enterprise < 9.0 & Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32151 HIGH
Splunk < 9.0 and Splunk Cloud Platform < 8.2.2203 - Improper Certificate Validation
Jun 15, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-30115 MEDIUM
curl 7.82.0-7.83.0 - Cleartext Transmission of Sensitive Information via HSTS Bypass
Jun 02, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-27782 HIGH
curl < 7.83.1 - Improper Certificate Validation
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27781 HIGH
curl < 7.83.1 - Denial of Service via Malicious Server Certificate Chain
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27780 HIGH
curl 7.80.0-7.83.0 - URL Hostname Spoofing via Percent-Encoded Separator Bypass
Jun 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-27779 MEDIUM
curl 7.82.0-7.83.0 - Cookie Injection for Top-Level Domains via Trailing Dot Bypass
Jun 02, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-27778 HIGH
cURL - Use of Incorrectly Resolved Name
Jun 02, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-27776 MEDIUM
curl < 7.83.0 - Credential Leak via HTTP Redirect to Different Port
Jun 02, 2022
CVSS 6.5
EPSS 0.03
CVE-2022-27775 HIGH
curl 7.65.0-7.82.0 - Information Disclosure via IPv6 Connection Reuse
Jun 02, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-27774 MEDIUM
curl 4.9-7.82.0 - Credential Leak via HTTP Redirect
Jun 02, 2022
CVSS 5.7
EPSS 0.02
CVE-2022-22576 HIGH
curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse
May 26, 2022
CVSS 8.1
EPSS 0.02