Vulnerabilities > Splunk > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-03 | CVE-2022-35737 | Improper Validation of Array Index vulnerability in multiple products SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | 7.5 |
| 2022-06-15 | CVE-2022-32152 | Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. | 7.2 |
| 2022-06-15 | CVE-2022-32153 | Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. | 8.1 |
| 2022-06-15 | CVE-2022-32154 | Command Injection vulnerability in Splunk Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. | 8.1 |
| 2022-06-15 | CVE-2022-32155 | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk In universal forwarder versions before 9.0, management services are available remotely by default. | 7.5 |
| 2022-06-15 | CVE-2022-32156 | Improper Certificate Validation vulnerability in Splunk In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. | 8.1 |
| 2022-06-15 | CVE-2022-32157 | Missing Authentication for Critical Function vulnerability in Splunk Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. | 7.5 |
| 2022-06-02 | CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | 7.5 |
| 2022-06-02 | CVE-2022-27778 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |
| 2022-06-02 | CVE-2022-27780 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. | 7.5 |