9.0.4

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-23	CVE-2022-43551	Cleartext Transmission of Sensitive Information vulnerability in multiple products A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. network low complexity haxx fedoraproject netapp splunk CWE-319	7.5
2022-12-05	CVE-2022-32221	Exposure of Resource to Wrong Sphere vulnerability in multiple products When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. network low complexity haxx netapp debian apple splunk CWE-668 critical	9.8
2022-12-05	CVE-2022-35260	Out-of-bounds Write vulnerability in multiple products curl can be told to parse a `.netrc` file for credentials. network low complexity haxx netapp apple splunk CWE-787	6.5
2022-11-22	CVE-2022-36227	NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. network low complexity libarchive debian fedoraproject splunk CWE-476 critical	9.8
2022-10-29	CVE-2022-42915	Double Free vulnerability in multiple products curl before 7.86.0 has a double free. network high complexity haxx fedoraproject netapp apple splunk CWE-415	8.1
2022-10-29	CVE-2022-42916	Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. network low complexity haxx fedoraproject apple splunk CWE-319	7.5
2022-09-23	CVE-2022-35252	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. network high complexity haxx netapp apple debian splunk	3.7
2022-08-23	CVE-2021-31566	Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. local low complexity libarchive fedoraproject redhat debian splunk CWE-59	7.8
2022-08-03	CVE-2022-35737	Improper Validation of Array Index vulnerability in multiple products SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. network low complexity sqlite netapp splunk CWE-129	7.5
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3