39 matches found
CVE-2026-20260
In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...
CVE-2026-20260
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker can inject ANSI escape codes into SOAR logs via specially crafted HTTP request paths. The root cause is that SOAR does not strip control characters from HTTP request paths before wr...
CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...
Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...
Apache Tomcat Console Manipulation Vulnerability (Oct 2025) - Linux
Apache Tomcat is prone to a console manipulation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; i...
EUVD-2023-36939
Malicious code in bioql PyPI...
RHEL 6 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - git: cvsserver command injection CVE-2017-14867 - git: Escape out of git-shell CVE-2017-8386 - Git throug...
RHEL 8 : git (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially...
Code injection
In Splunk IT Service Intelligence ITSI versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute ANSI escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable...
PT-2023-29657 · Splunk · Splunk It Service Intelligence
Name of the Vulnerable Software and Affected Versions: Splunk IT Service Intelligence ITSI versions prior to 4.13.3 Splunk IT Service Intelligence ITSI versions prior to 4.15.3 Splunk IT Service Intelligence ITSI versions prior to 4.17.1 Description: A malicious actor can inject American National...
Splunk 注入漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk has an injection vulnerability that stems...
CVE-2023-32712
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...
CVE-2023-32712
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...
Code injection
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...
CVE-2023-32712 Unauthenticated Log Injection in Splunk Enterprise
In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...
CVE-2023-32712
The CVE-2023-32712 issue affects Splunk Enterprise and Universal Forwarder as described in multiple sources. Affected Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2 allow injecting ANSI escape codes into log files, which a vulnerable terminal can translate to read locally, potent...
PT-2023-7355 · Splunk · Universal Forwarder +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...
Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0606)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0606 advisory. - In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...