High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-04	CVE-2022-43567	Deserialization of Untrusted Data vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. network low complexity splunk CWE-502	8.8
2022-11-03	CVE-2022-43571	Code Injection vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. network low complexity splunk CWE-94	8.8
2022-10-29	CVE-2022-42915	Double Free vulnerability in multiple products curl before 7.86.0 has a double free. network high complexity haxx fedoraproject netapp apple splunk CWE-415	8.1
2022-10-29	CVE-2022-42916	Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. network low complexity haxx fedoraproject apple splunk CWE-319	7.5
2022-08-23	CVE-2021-31566	Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. local low complexity libarchive fedoraproject redhat debian splunk CWE-59	7.8
2022-08-03	CVE-2022-35737	Improper Validation of Array Index vulnerability in multiple products SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. network low complexity sqlite netapp splunk CWE-129	7.5
2022-06-15	CVE-2022-32152	Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. network low complexity splunk CWE-295	7.2
2022-06-15	CVE-2022-32153	Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. network high complexity splunk CWE-295	8.1
2022-06-15	CVE-2022-32154	Command Injection vulnerability in Splunk Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. network low complexity splunk CWE-77	8.1
2022-06-15	CVE-2022-32155	Incorrect Permission Assignment for Critical Resource vulnerability in Splunk In universal forwarder versions before 9.0, management services are available remotely by default. network low complexity splunk CWE-732	7.5