Vulnerabilities > Splunk > Universal Forwarder > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-23 CVE-2023-23914 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially.
network
low complexity
haxx netapp splunk CWE-319
critical
9.1
2022-12-05 CVE-2022-32221 Exposure of Resource to Wrong Sphere vulnerability in multiple products
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback.
network
low complexity
haxx netapp debian apple splunk CWE-668
critical
9.8
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
9.8
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
9.8
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
9.1
2021-06-02 CVE-2021-3520 There's a flaw in lz4.
network
low complexity
lz4-project netapp oracle splunk
critical
9.8