Splunk

Splunk

165 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-5727

  • EPSS 0.22%
  • Published 21.02.2019 01:29:00
  • Last modified 21.11.2024 04:45:24

Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.

6.1

CVE-2018-7427

  • EPSS 0.21%
  • Published 23.10.2018 21:31:39
  • Last modified 21.11.2024 04:12:06

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote at...

7.5

CVE-2018-7429

  • EPSS 0.6%
  • Published 23.10.2018 21:31:39
  • Last modified 21.11.2024 04:12:06

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.

6.5

CVE-2018-7431

  • EPSS 0.4%
  • Published 23.10.2018 21:31:39
  • Last modified 21.11.2024 04:12:06

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remot...

7.5

CVE-2018-7432

  • EPSS 0.58%
  • Published 23.10.2018 21:31:39
  • Last modified 21.11.2024 04:12:07

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.

7

CVE-2017-18348

Exploit
  • EPSS 0.05%
  • Published 19.10.2018 08:29:00
  • Last modified 21.11.2024 03:19:54

Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert T...

5.3

CVE-2018-11409

Exploit
  • EPSS 91.78%
  • Published 08.06.2018 12:29:00
  • Last modified 21.11.2024 03:43:18

Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

10

CVE-2017-17067

  • EPSS 3.34%
  • Published 30.11.2017 02:29:04
  • Last modified 20.04.2025 01:37:25

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access r...

4.8

CVE-2017-12572

  • EPSS 0.26%
  • Published 05.08.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.

4.8

CVE-2016-4856

  • EPSS 0.3%
  • Published 12.05.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.