Vulnerabilities > Splunk > Universal Forwarder > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-30 | CVE-2023-27533 | Injection vulnerability in multiple products A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. | 8.8 |
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
| 2022-12-23 | CVE-2022-43551 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. | 7.5 |
| 2022-10-29 | CVE-2022-42915 | Double Free vulnerability in multiple products curl before 7.86.0 has a double free. | 8.1 |
| 2022-10-29 | CVE-2022-42916 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. | 7.5 |
| 2022-08-23 | CVE-2021-31566 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8 |
| 2022-08-03 | CVE-2022-35737 | Improper Validation of Array Index vulnerability in multiple products SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | 7.5 |
| 2022-06-15 | CVE-2022-32156 | Improper Certificate Validation vulnerability in Splunk In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. | 8.1 |
| 2022-06-02 | CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | 7.5 |
| 2022-06-02 | CVE-2022-27778 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |