CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-5095

Malware in sbrugna...

4CVSS6.4AI score0.00463EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 4:15 a.m.•5 views

CVE-2014-5197

Directory traversal vulnerability in 1 Splunk Web or the 2 Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. dot dot in a URI, related to search ids...

4CVSS6.5AI score0.00463EPSS

Exploits0References1

OSV•added 2024/10/14 5:15 p.m.•1 views

CVE-2024-45736

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGESTEVAL"...

6.5CVSS5.8AI score0.00148EPSS

Exploits0References2

NVD•added 2024/10/14 5:15 p.m.•14 views

CVE-2024-45736

6.5CVSS0.00148EPSS

Exploits0References2

CVE•added 2024/10/14 5:3 p.m.•58 views

CVE-2024-45736

CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...

6.5CVSS6.5AI score0.00148EPSS

Exploits0References2Affected Software2

OSV•added 2023/02/14 6:15 p.m.•0 views

CVE-2023-22941

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...

7.5CVSS7.1AI score0.01093EPSS

Exploits0References2

Positive Technologies•added 2023/02/14 12:0 a.m.•3 views

PT-2023-18785 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: An improperly-formatted INGEST EVAL parameter in a Field Transformation can cause the Splunk daemon...

7.5CVSS7.2AI score0.01093EPSS

Exploits0References5

Prion•added 2018/10/23 9:31 p.m.•16 views

Cross site request forgery (csrf)

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request...

5CVSS7.4AI score0.00598EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/10/23 9:0 p.m.•20 views

CVE-2018-7429

7.4AI score0.00598EPSS

Exploits0References1

Cvelist•added 2012/01/03 11:0 a.m.•20 views

CVE-2011-4643

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. dot dot in a URI to 1 Splunk Web or 2 the Splunkd HTTP Server, aka SPL-45243...

6.5AI score0.09251EPSS

Exploits1References7

Prion•added 2010/09/14 5:0 p.m.•20 views

Session fixation

Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...

4.6CVSS7.2AI score0.00391EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by