Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Splunk Subscribe
Total 186 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1908 1 Splunk 1 Splunk 2012-08-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-4644 1 Splunk 1 Splunk 2012-01-26 9.3 HIGH N/A
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
CVE-2010-3323 1 Splunk 1 Splunk 2010-09-14 4.6 MEDIUM N/A
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
CVE-2010-2504 1 Splunk 1 Splunk 2010-06-29 6.0 MEDIUM N/A
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
CVE-2010-2503 1 Splunk 1 Splunk 2010-06-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
CVE-2010-2502 1 Splunk 1 Splunk 2010-06-29 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067.