Approved changes feed: RSS · Atom
cpe:2.3:a:splunk:splunk:*:*:*:*:light:*:*:*
part: a version: * update: *
| Vendor | Splunk (0f7ef08f-e3f5-59a4-ba5f-26afb7835b46) |
|---|---|
| Product | Splunk (22a1d8ad-9b0f-51c8-ad24-657c0c14204c) |
| Edition | * |
| Language | * |
| Software edition | light |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-5727 |
vulnerable | 2026-06-03 14:40:35.970030 |
Details available
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
Published: 2019-02-21T01:00:00.000Z
Updated: 2024-08-04T20:01:52.220Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7432 |
vulnerable | 2026-06-03 14:39:06.885270 |
Details available
Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.
Published: 2018-10-23T21:00:00.000Z
Updated: 2024-08-05T06:24:11.992Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7431 |
vulnerable | 2026-06-03 14:39:06.884933 |
Details available
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
Published: 2018-10-23T21:00:00.000Z
Updated: 2024-08-05T06:24:12.089Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7429 |
vulnerable | 2026-06-03 14:39:06.884588 |
Details available
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.
Published: 2018-10-23T21:00:00.000Z
Updated: 2024-08-05T06:24:11.859Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7427 |
vulnerable | 2026-06-03 14:39:06.883610 |
Details available
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-10-23T21:00:00.000Z
Updated: 2024-08-05T06:24:11.877Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5880 |
vulnerable | 2026-06-03 14:37:26.576840 |
Details available
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279.
Published: 2017-02-04T05:20:00.000Z
Updated: 2024-08-05T15:11:48.737Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-5607 |
vulnerable | 2026-06-03 14:37:24.126132 |
Details available
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.
Published: 2017-04-10T15:00:00.000Z
Updated: 2024-08-05T15:04:15.344Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4859 |
vulnerable | 2026-06-03 14:35:53.596814 |
Details available
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Published: 2017-05-12T18:00:00.000Z
Updated: 2024-08-06T00:46:38.464Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4858 |
vulnerable | 2026-06-03 14:35:53.569518 |
Details available
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-05-12T18:00:00.000Z
Updated: 2024-08-06T00:46:38.458Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4857 |
vulnerable | 2026-06-03 14:35:53.557979 |
Details available
Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Published: 2017-05-12T18:00:00.000Z
Updated: 2024-08-06T00:46:38.451Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.