SVD-2024-0718<\/a><\/td> | 2024-07-01<\/td> | Third-Party Package Updates in Splunk Enterprise – July 2024<\/a><\/gwmw><\/td> | High<\/td> | <\/td><\/tr> |
SVD-2024-0717<\/a><\/td> | 2024-07-01<\/td> | Persistent Cross-site Scripting (XSS) in conf-web\/settings REST endpoint<\/a><\/td> | Medium<\/td> | CVE-2024-36997<\/a><\/td><\/tr> |
SVD-2024-0716<\/a><\/td> | 2024-07-01<\/td> | Information Disclosure of user names<\/a><\/td> | Medium<\/td> | CVE-2024-36996<\/a><\/td><\/tr> |
SVD-2024-0715<\/a><\/td> | 2024-07-01<\/td> | Low-privileged user could create experimental items<\/a><\/td> | Medium<\/td> | CVE-2024-36995<\/a><\/td><\/tr> |
SVD-2024-0714<\/a><\/td> | 2024-07-01<\/td> | Persistent Cross-site Scripting (XSS) in Dashboard Elements<\/a><\/td> | Medium<\/td> | CVE-2024-36994<\/a><\/td><\/tr> |
SVD-2024-0713<\/a><\/td> | 2024-07-01<\/td> | Persistent Cross-site Scripting (XSS) in Web Bulletin<\/a><\/td> | Medium<\/td> | CVE-2024-36993<\/a><\/td><\/tr> |
SVD-2024-0712<\/a><\/td> | 2024-07-01<\/td> | Persistent Cross-site Scripting (XSS) in Dashboard Elements<\/a><\/td> | Medium<\/td> | CVE-2024-36992<\/a><\/td><\/tr> |
SVD-2024-0711<\/a><\/td> | 2024-07-01<\/td> | Path Traversal on the \u201c\/modules\/messaging\/\u201c endpoint in Splunk Enterprise on Windows<\/a><\/td> | High<\/td> | CVE-2024-36991<\/a><\/td><\/tr> |
SVD-2024-0710<\/a><\/td> | 2024-07-01<\/td> | Denial of Service (DoS) on the datamodel\/web REST endpoint<\/a><\/td> | Medium<\/td> | CVE-2024-36990<\/a><\/td><\/tr> |
SVD-2024-0709<\/a><\/td> | 2024-07-01<\/td> | Low-privileged user could create notifications in Splunk Web Bulletin Messages<\/a><\/td> | Medium<\/td> | CVE-2024-36989<\/a><\/td><\/tr> |
SVD-2024-0708<\/a><\/td> | 2024-07-01<\/td> | OpenSSL crypto library (libcrypto.so) incorrectly compiled with stack execution bit set in Splunk Enterprise and Universal Forwarder on certain operating systems<\/a><\/td> | Informational<\/td> | <\/a><\/td><\/tr> |
SVD-2024-0707<\/a><\/td> | 2024-07-01<\/td> | Insecure File Upload in the indexing\/preview REST endpoint<\/a><\/td> | Medium<\/td> | CVE-2024-36987<\/a><\/td><\/tr> |
SVD-2024-0706<\/a><\/td> | 2024-07-01<\/td> | Risky command safeguards bypass through Search ID query in Analytics Workspace<\/a><\/td> | Medium<\/td> | CVE-2024-36986<\/a><\/td><\/tr> |
SVD-2024-0705<\/a><\/td> | 2024-07-01<\/td> | Remote Code Execution (RCE) through an external lookup due to \u201ccopybuckets.py\u201c script in the \u201csplunk_archiver\u201c application in Splunk Enterprise<\/a><\/td> | High<\/td> | CVE-2024-36985<\/a><\/gwmw><\/td><\/tr> |
SVD-2024-0704<\/a><\/td> | 2024-07-01<\/td> | Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows<\/a><\/td> | High<\/td> | CVE-2024-36984<\/a><\/td><\/tr> |
SVD-2024-0703<\/a><\/td> | 2024-07-01<\/td> | Command Injection using External Lookups<\/a><\/td> | High<\/td> | CVE-2024-36983<\/a><\/td><\/tr> |
SVD-2024-0702<\/a><\/td> | 2024-07-01<\/td> | Denial of Service through null pointer reference in \u201ccluster\/config\u201d REST endpoint<\/a><\/td> | High<\/td> | CVE-2024-36982<\/a><\/td><\/tr> |
SVD-2024-0701<\/a><\/td> | 2024-07-01<\/td> | Remote Code Execution through dashboard PDF generation component<\/a><\/td> | High<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n The company did not reveal if one of these vulnerabilities was actively exploited in the wild.<\/p>\n\n\n\n Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n (<\/strong>SecurityAffairs<\/strong><\/a> \u2013<\/strong> hacking, RCE)<\/strong><\/p>\n\n\n\n <\/gwmw><\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":" Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to \u201ccopybuckets.py\u201c script in the \u201csplunk_archiver\u201c application in Splunk […]<\/p>\n","protected":false},"author":1,"featured_media":77238,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[4112,9508,9506,10918,687,841,1533,6500],"class_list":["post-165204","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-splunk"],"yoast_head":"\n杭州江阴科强工业胶带有限公司 |