Lucene search
K

39 matches found

NVD
NVD
added 2026/06/10 6:16 p.m.13 views

CVE-2026-20260

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.18 views

CVE-2026-20260

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker can inject ANSI escape codes into SOAR logs via specially crafted HTTP request paths. The root cause is that SOAR does not strip control characters from HTTP request paths before wr...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/03 5:0 p.m.2 views

CVE-2025-20384 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...

5.3CVSS6.6AI score0.00339EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

5.3CVSS6AI score0.00339EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.6 views

Apache Tomcat Console Manipulation Vulnerability (Oct 2025) - Linux

Apache Tomcat is prone to a console manipulation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; i...

9.6CVSS7AI score0.09917EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-36939

Malicious code in bioql PyPI...

8.6CVSS4.5AI score0.00341EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 6 : git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - git: cvsserver command injection CVE-2017-14867 - git: Escape out of git-shell CVE-2017-8386 - Git throug...

8.8CVSS8AI score0.36003EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.19 views

RHEL 8 : git (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially...

8.1AI score0.01081EPSS
Exploits0References1
Prion
Prion
added 2023/08/30 5:15 p.m.21 views

Code injection

In Splunk IT Service Intelligence ITSI versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute ANSI escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable...

4.4CVSS8.2AI score0.00233EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.7 views

PT-2023-29657 · Splunk · Splunk It Service Intelligence

Name of the Vulnerable Software and Affected Versions: Splunk IT Service Intelligence ITSI versions prior to 4.13.3 Splunk IT Service Intelligence ITSI versions prior to 4.15.3 Splunk IT Service Intelligence ITSI versions prior to 4.17.1 Description: A malicious actor can inject American National...

8.6CVSS7.2AI score0.00233EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.6 views

Splunk 注入漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk has an injection vulnerability that stems...

8.6CVSS8AI score0.00233EPSS
Exploits0References3
OSV
OSV
added 2023/06/01 5:15 p.m.3 views

CVE-2023-32712

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

3.1CVSS6.2AI score
Exploits0References2
NVD
NVD
added 2023/06/01 5:15 p.m.20 views

CVE-2023-32712

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

8.6CVSS8.5AI score0.00341EPSS
Exploits0References2
Prion
Prion
added 2023/06/01 5:15 p.m.17 views

Code injection

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

2.6CVSS4.4AI score0.00341EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/01 4:34 p.m.21 views

CVE-2023-32712 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute ANSI escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

8.6CVSS7AI score0.00341EPSS
Exploits0References2
CVE
CVE
added 2023/06/01 4:34 p.m.177 views

CVE-2023-32712

The CVE-2023-32712 issue affects Splunk Enterprise and Universal Forwarder as described in multiple sources. Affected Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2 allow injecting ANSI escape codes into log files, which a vulnerable terminal can translate to read locally, potent...

8.6CVSS5.3AI score0.00341EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.7 views

PT-2023-7355 · Splunk · Universal Forwarder +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...

10CVSS7.6AI score0.00341EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/06/01 12:0 a.m.35 views

Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0606)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0606 advisory. - In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards...

8.6CVSS5.8AI score0.00341EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/07/14 12:56 p.m.6 views

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

7.8CVSS7.1AI score0.03304EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.1 views

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

7.8CVSS7.1AI score0.03304EPSS
Exploits1References5
Rows per page
Query Builder