📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in the unsafe use of a Splunk lookup function. The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0...

Apache Tomcat DoS Vulnerability (Oct 2025) - Windows

Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

RLSA-2025:18153 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime...

.NET 9.0 security update

9.0.111-1.0.1 - Add support for Oracle Linux 9.0.111-1 - Update to .NET SDK 9.0.111 and Runtime 9.0.10 - Resolves: RHEL-116856...

Oracle Linux 8 : .NET / 9.0 (ELSA-2025-18150)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-18150 advisory. 9.0.111-1.0.1 - Add support for Oracle Linux 9.0.111-1 - Update to .NET SDK 9.0.111 and Runtime 9.0.10 - Resolves: RHEL-116856 Tenable has extracted t...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-3416 DESCRIPTION: A flaw was found in OpenSSL's handling of the properties...

VulnCheck KEV: CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

CVE-2024-36985

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunkarchiver“ application...

PT-2024-9890 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Description: The issue is related to insufficient access contr...

PT-2024-4601 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Description: The issue is related to a path traversal vulnerability in Splunk Enterprise on Windows, which could...

PT-2024-27235 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Splunk Cloud Platform versions prior to 9.1.2308.207...

Splunk Enterprise 9.0.0 < 9.0.10, 9.1.0 < 9.1.5, 9.2.0 < 9.2.2 (SVD-2024-0707)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0707 advisory. - In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an...

Apache Tomcat 9.0.0.M1 < 9.0.10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.10security-9 advisory. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by...

SUSE CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer...

SUSE CVE-2022-26110

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon...

CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...