Vulnerabilities

| Date | CVE | Vulnerability title | Description | Vendor / CWE | Risk |
|---|---|---|---|---|---|
| 2024-10-14 | CVE-2024-47766 | Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap | Tuleap is a tool for end to end traceability of application and system developments. | enalean CWE-755 | network, low complexity, 4.9 |
| 2024-10-14 | CVE-2024-47767 | Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap | Tuleap is a tool for end to end traceability of application and system developments. | enalean CWE-755 | network, low complexity, 4.3 |
| 2024-10-14 | CVE-2024-47826 | Code Injection vulnerability in eLabFTW | eLabFTW is an open source electronic lab notebook for research labs. | elabftw CWE-94 | network, low complexity, 6.1 |
| 2024-10-14 | CVE-2024-47831 | Uncontrolled Recursion vulnerability in Vercel Next.js | Next.js is a React Framework for the Web. | vercel CWE-674 | network, low complexity, 7.5 |
| 2024-10-14 | CVE-2024-45731 | Path Traversal vulnerability in Splunk | In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | splunk CWE-22 | network, low complexity, 8.0 |
| 2024-10-14 | CVE-2024-45732 | Missing Authorization vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. | splunk CWE-862 | network, low complexity, 6.5 |
| 2024-10-14 | CVE-2024-45733 | Deserialization of Untrusted Data vulnerability in Splunk | In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. | splunk CWE-502 | network, low complexity, 8.8 |
| 2024-10-14 | CVE-2024-45734 | Unspecified vulnerability in Splunk | In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. | splunk | network, low complexity, 4.3 |
| 2024-10-14 | CVE-2024-45735 | Unspecified vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. | splunk | network, low complexity, 4.3 |
| 2024-10-14 | CVE-2024-45736 | Unspecified vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). | splunk | network, low complexity, 6.5 |