Vulnerabilities (CVE)

Filtered by vendor Splunk Subscribe
Total 207 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4859 1 Splunk 1 Splunk 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-4858 1 Splunk 1 Splunk 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4857 1 Splunk 1 Splunk 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-4856 1 Splunk 1 Splunk 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-10126 1 Splunk 1 Splunk 2024-11-21 10.0 HIGH 9.8 CRITICAL
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
CVE-2015-7604 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6515 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header.
CVE-2015-6514 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8380 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.
CVE-2014-8303 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing.
CVE-2014-8302 1 Splunk 1 Splunk 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.
CVE-2014-8301 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header.
CVE-2014-5466 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5198 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.
CVE-2014-5197 1 Splunk 1 Splunk 2024-11-21 4.0 MEDIUM N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2014-3147 1 Splunk 1 Splunk 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
CVE-2014-2578 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-0160 13 Broadcom, Canonical, Debian and 10 more 35 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 32 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVE-2013-7394 1 Splunk 1 Splunk 2024-11-21 9.0 HIGH N/A
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
CVE-2013-6870 1 Splunk 1 Splunk 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.