Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
splunk splunk vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-17067
Splunk Web in Splunk Enterprise 7.0.x prior to 7.0.0.1, 6.6.x prior to 6.6.3.2, 6.5.x prior to 6.5.6, 6.4.x prior to 6.4.9, and 6.3.x prior to 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote malicious users to bypass intended access restrictions or...
Splunk Splunk
3 Github repositories
10
CVSSv2
CVE-2016-10126
Splunk Web in Splunk Enterprise 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, and 6.4.x prior to 6.4.4 allows remote malicious users to conduct HTTP request injection attacks and obtain sensitive REST API authent...
Splunk Splunk 5.0.1
Splunk Splunk 5.0.10
Splunk Splunk 5.0.6
Splunk Splunk 5.0.7
Splunk Splunk 5.0.13
Splunk Splunk 5.0.14
Splunk Splunk 5.0.2
Splunk Splunk 5.0.3
Splunk Splunk 5.0.11
Splunk Splunk 5.0.12
Splunk Splunk 5.0.8
Splunk Splunk 5.0.9
Splunk Splunk 5.0.15
Splunk Splunk 5.0.16
Splunk Splunk 5.0.0
Splunk Splunk 5.0.4
Splunk Splunk 5.0.5
Splunk Splunk 6.0.9
Splunk Splunk 6.0.10
Splunk Splunk 6.0.4
Splunk Splunk 6.0.5
Splunk Splunk 6.0.0
9.3
CVSSv2
CVE-2013-6771
Directory traversal vulnerability in the collect script in Splunk prior to 5.0.5 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for th...
Splunk Splunk
Splunk Splunk 5.0.3
Splunk Splunk 5.0.2
Splunk Splunk 5.0.1
Splunk Splunk 5.0
9.3
CVSSv2
CVE-2011-4644
Splunk 4.2.5 and previous versions, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote malicious users to (1) read arbitrary files via a management-console se...
Splunk Splunk 4.1.7
Splunk Splunk 4.1.6
Splunk Splunk 4.1.5
Splunk Splunk 4.1.4
Splunk Splunk 4.0.2
Splunk Splunk 4.0.1
Splunk Splunk 4.0
Splunk Splunk 3.4.14
Splunk Splunk 3.3.3
Splunk Splunk 3.3.2
Splunk Splunk 3.3.1
Splunk Splunk 3.3
Splunk Splunk 3.0.2
Splunk Splunk 3.0.1
Splunk Splunk 3.0
Splunk Splunk 2.2.6
Splunk Splunk 2.2.3
Splunk Splunk 4.2.1
Splunk Splunk 4.1.8
Splunk Splunk 4.1.3
Splunk Splunk 4.1.1
Splunk Splunk 4.0.11
1 EDB exploit
9
CVSSv2
CVE-2013-7394
The "runshellscript echo.sh" script in Splunk prior to 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
Splunk Splunk
Splunk Splunk 5.0.2
Splunk Splunk 5.0.1
Splunk Splunk 5.0
Splunk Splunk 5.0.3
7.5
CVSSv2
CVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the t...
Haxx Curl
Fedoraproject Fedora 35
Debian Debian Linux 11.0
Netapp Element Software -
Netapp Clustered Data Ontap -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Apple Macos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv2
CVE-2022-32158
Splunk Enterprise deployment servers in versions prior to 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute ...
Splunk Splunk
7.5
CVSSv2
CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this...
Lz4 Project Lz4 1.8.3
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Cloud Native Core Policy 1.14.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv2
CVE-2010-2502
Multiple directory traversal vulnerabilities in Splunk 4.0 up to and including 4.0.10 and 4.1 up to and including 4.1.1 allow (1) remote malicious users to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an...
Splunk Splunk 4.0.7
Splunk Splunk 4.0.10
Splunk Splunk 4.0.9
Splunk Splunk 4.0
Splunk Splunk 4.0.6
Splunk Splunk 4.0.8
Splunk Splunk 4.0.1
Splunk Splunk 4.0.3
Splunk Splunk 4.0.5
Splunk Splunk 4.0.2
Splunk Splunk 4.0.4
Splunk Splunk 4.1
Splunk Splunk 4.1.1
6.9
CVSSv2
CVE-2017-18348
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPL...
Splunk Splunk
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »