Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-05	CVE-2021-22925	Use of Uninitialized Resource vulnerability in multiple products curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. network low complexity haxx fedoraproject netapp apple oracle siemens splunk CWE-908	5.3
2021-07-20	CVE-2021-36976	Use After Free vulnerability in multiple products libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). network low complexity libarchive fedoraproject apple splunk CWE-416	6.5
2021-06-11	CVE-2021-22897	Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. network low complexity haxx oracle netapp siemens splunk CWE-668	5.3
2021-04-01	CVE-2021-22876	Information Exposure vulnerability in multiple products curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. network low complexity haxx fedoraproject netapp broadcom debian siemens oracle splunk CWE-200	5.3
2020-06-15	CVE-2020-14155	Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. network low complexity pcre apple gitlab oracle netapp splunk CWE-190	5.3
2020-01-23	CVE-2013-6772	Improper Restriction of Rendered UI Layers or Frames vulnerability in Splunk Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking network low complexity splunk CWE-1021	4.3
2019-02-21	CVE-2019-5727	Cross-site Scripting vulnerability in Splunk Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. network low complexity splunk CWE-79	5.4
2018-10-23	CVE-2018-7431	Path Traversal vulnerability in Splunk Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. network low complexity splunk CWE-22	6.5
2018-10-23	CVE-2018-7427	Cross-site Scripting vulnerability in Splunk Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity splunk CWE-79	6.1
2018-06-08	CVE-2018-11409	Information Exposure vulnerability in Splunk Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. network low complexity splunk CWE-200	5.3