Vulnerabilities > Splunk > Universal Forwarder

DATE CVE VULNERABILITY TITLE RISK
2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.
5.3
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
7.5
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
7.5
2020-12-14 CVE-2020-8284 A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. 3.7
2020-12-14 CVE-2020-8231 Use After Free vulnerability in multiple products
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
network
low complexity
haxx siemens debian oracle splunk CWE-416
7.5
2020-12-14 CVE-2020-8177 Injection vulnerability in multiple products
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
local
low complexity
haxx debian fujitsu siemens splunk CWE-74
7.8
2020-12-14 CVE-2020-8169 Information Exposure vulnerability in multiple products
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
network
low complexity
haxx siemens debian splunk CWE-200
7.5
2020-06-15 CVE-2020-14155 Integer Overflow or Wraparound vulnerability in multiple products
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
network
low complexity
pcre apple gitlab oracle netapp splunk CWE-190
5.3
2020-06-15 CVE-2019-20838 Out-of-bounds Read vulnerability in multiple products
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
network
low complexity
pcre apple splunk CWE-125
7.5
2020-02-14 CVE-2019-20454 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode.
network
low complexity
pcre fedoraproject splunk CWE-125
7.5