Vulnerabilities > Splunk > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-27781 Infinite Loop vulnerability in multiple products
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
network
low complexity
haxx debian netapp splunk CWE-835
7.5
2022-06-02 CVE-2022-27782 Improper Certificate Validation vulnerability in multiple products
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.
network
low complexity
haxx debian splunk CWE-295
7.5
2022-05-26 CVE-2022-22576 Missing Authentication for Critical Function vulnerability in multiple products
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer.
network
low complexity
haxx debian netapp brocade splunk CWE-306
8.1
2022-05-06 CVE-2021-26253 Unspecified vulnerability in Splunk
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6.
network
high complexity
splunk
8.1
2022-05-06 CVE-2021-31559 Unspecified vulnerability in Splunk
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1.
network
low complexity
splunk
7.5
2022-05-06 CVE-2021-42743 Uncontrolled Search Path Element vulnerability in Splunk
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
local
low complexity
splunk CWE-427
7.8
2022-05-06 CVE-2022-26889 Path Traversal vulnerability in Splunk 8.1.0/8.1.1
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal.
network
low complexity
splunk CWE-22
8.8
2022-03-25 CVE-2021-3422 Improper Input Validation vulnerability in Splunk
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic.
network
low complexity
splunk CWE-20
7.5
2021-09-29 CVE-2021-22946 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl).
7.5
2021-08-05 CVE-2021-22926 Improper Certificate Validation vulnerability in multiple products
libcurl-using applications can ask for a specific client certificate to be used in a transfer.
network
low complexity
haxx netapp oracle siemens splunk CWE-295
7.5