Filtered by vendor Splunk
Subscribe
Total
207 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8231 | 5 Debian, Haxx, Oracle and 2 more | 5 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | |||||
| CVE-2020-8177 | 5 Debian, Fujitsu, Haxx and 2 more | 16 Debian Linux, M10-1, M10-1 Firmware and 13 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||||
| CVE-2020-8169 | 4 Debian, Haxx, Siemens and 1 more | 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||||
| CVE-2020-14155 | 6 Apple, Gitlab, Netapp and 3 more | 20 Macos, Gitlab, Active Iq Unified Manager and 17 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
| CVE-2019-5729 | 1 Splunk | 1 Software Development Kit | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. | |||||
| CVE-2019-5727 | 1 Splunk | 1 Splunk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | |||||
| CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-11-21 | 2.1 LOW | 6.3 MEDIUM |
| CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | |||||
| CVE-2019-20838 | 3 Apple, Pcre, Splunk | 3 Macos, Pcre, Universal Forwarder | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | |||||
| CVE-2019-20454 | 3 Fedoraproject, Pcre, Splunk | 3 Fedora, Pcre2, Universal Forwarder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. | |||||
| CVE-2018-7432 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2018-7431 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-7429 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | |||||
| CVE-2018-7427 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-11409 | 1 Splunk | 1 Splunk | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | |||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | |||||
| CVE-2017-5880 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. | |||||
| CVE-2017-5607 | 1 Splunk | 1 Splunk | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage. | |||||
| CVE-2017-18348 | 1 Splunk | 1 Splunk | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | |||||
| CVE-2017-17067 | 1 Splunk | 1 Splunk | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. | |||||
| CVE-2017-12572 | 1 Splunk | 1 Splunk | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. | |||||