Export limit exceeded: 347893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.8 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | ||||
| CVE-2024-45738 | 1 Splunk | 1 Splunk | 2025-02-28 | 4.9 Medium |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | ||||
| CVE-2023-22939 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 8.1 High |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | ||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | ||||
| CVE-2024-22165 | 1 Splunk | 1 Enterprise Security | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | ||||
| CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | ||||
| CVE-2024-36996 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-02-28 | 5.3 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme. | ||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8.8 High |
| Microsoft Exchange Remote Code Execution Vulnerability | ||||
| CVE-2023-36912 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-27 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-35376 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-27 | 6.5 Medium |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-38254 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-27 | 6.5 Medium |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-35377 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-27 | 6.5 Medium |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2023-36893 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2023-22301 | 1 Openatom | 1 Openharmony | 2025-02-27 | 6.5 Medium |
| The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system. | ||||
| CVE-2022-24093 | 1 Adobe | 2 Commerce, Magento Open Source | 2025-02-27 | 9.1 Critical |
| Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | ||||
| CVE-2023-40725 | 1 Siemens | 1 Qms Automotive | 2025-02-27 | 4 Medium |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames. | ||||
| CVE-2023-32649 | 1 Nozominetworks | 2 Cmc, Guardian | 2025-02-27 | 7.5 High |
| A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. | ||||
| CVE-2023-22382 | 1 Qualcomm | 58 Apq8064au, Apq8064au Firmware, Msm8996au and 55 more | 2025-02-27 | 7.4 High |
| Weak configuration in Automotive while VM is processing a listener request from TEE. | ||||
| CVE-2023-24853 | 1 Qualcomm | 226 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 223 more | 2025-02-27 | 8.4 High |
| Memory Corruption in HLOS while registering for key provisioning notify. | ||||
| CVE-2023-26367 | 1 Adobe | 2 Commerce, Magento | 2025-02-27 | 4.9 Medium |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | ||||