Filtered by vendor Splunk
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2429 | 2 Microsoft, Splunk | 2 Internet Explorer, Splunk | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. | ||||
| CVE-2011-4778 | 1 Splunk | 1 Splunk | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPL-44614. | ||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2024-08-07 | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | ||||
| CVE-2011-4642 | 1 Splunk | 1 Splunk | 2024-08-07 | N/A |
| mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172. | ||||
| CVE-2011-4643 | 1 Splunk | 1 Splunk | 2024-08-07 | N/A |
| Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. | ||||
| CVE-2012-6447 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-7394 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types. | ||||
| CVE-2013-6771 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script. | ||||
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-08-06 | 7.8 High |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | ||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2024-08-06 | 4.3 Medium |
| Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | ||||
| CVE-2013-2766 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8380 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression. | ||||
| CVE-2014-5466 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-3147 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. | ||||
| CVE-2014-2578 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2024-08-06 | 7.5 High |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
| CVE-2016-10126 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | ||||
| CVE-2016-4859 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2016-4858 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-4857 | 1 Splunk | 1 Splunk | 2024-08-06 | N/A |
| Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||