Vulnerabilities > Splunk > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-8177 | Injection vulnerability in multiple products curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | 7.8 |
| 2020-12-14 | CVE-2020-8169 | Information Exposure vulnerability in multiple products curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | 7.5 |
| 2020-06-15 | CVE-2019-20838 | Out-of-bounds Read vulnerability in multiple products libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | 7.5 |
| 2020-02-14 | CVE-2019-20454 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. | 7.5 |
| 2020-01-23 | CVE-2013-6773 | Improper Privilege Management vulnerability in Splunk Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | 7.8 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 7.8 |
| 2019-03-21 | CVE-2019-5729 | Improper Certificate Validation vulnerability in Splunk Software Development KIT Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. | 8.1 |
| 2018-10-23 | CVE-2018-7432 | Improper Input Validation vulnerability in Splunk Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | 7.5 |
| 2018-10-23 | CVE-2018-7429 | Improper Input Validation vulnerability in Splunk Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | 7.5 |
| 2018-10-19 | CVE-2017-18348 | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access. | 7.0 |