14 matches found
EUVD-2014-5095
Malware in sbrugna...
CVE-2014-5197
Directory traversal vulnerability in 1 Splunk Web or the 2 Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. dot dot in a URI, related to search ids...
The vulnerability of the Splunk Enterprise platform’s SplunkD module for operational analytics allows a hacker to disclose protected information.
The vulnerability of the Splunk Enterprise platform for operational analysis involves insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the Splunk Enterprise platform’s SplunkD module for operational analysis allows a perpetrator to trigger a service failure.
The vulnerability of the Splunk Enterprise platform’s Splunkd component relates to an uncontrolled resource consumption due to an improperly formatted parameter named INGESTEVAL. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the splunkd component of the Splunk Enterprise platform for operational analytics allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the splunkd component of the Splunk Enterprise platform for operational analytics is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2024-45736
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGESTEVAL"...
CVE-2024-45736
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGESTEVAL"...
CVE-2024-45736
CVE-2024-45736 affects Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111. A low-privileged user without admin/power roles can craft a search query with an improperly formatted INGEST_EVAL parameter in a ...
CVE-2023-22941
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGESTEVAL’ parameter in a Field Transformation crashes the Splunk daemon splunkd...
PT-2023-18785 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: An improperly-formatted INGEST EVAL parameter in a Field Transformation can cause the Splunk daemon...
Cross site request forgery (csrf)
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request...
CVE-2018-7429
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request...
CVE-2011-4643
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. dot dot in a URI to 1 Splunk Web or 2 the Splunkd HTTP Server, aka SPL-45243...
Session fixation
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKDSESSIONKEY parameter...