Vulnerabilities > Splunk > Universal Forwarder > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-30 CVE-2023-27533 Injection vulnerability in multiple products
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation.
network
low complexity
haxx fedoraproject netapp splunk CWE-74
8.8
2023-03-30 CVE-2023-27534 Path Traversal vulnerability in multiple products
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory.
network
low complexity
haxx fedoraproject netapp broadcom splunk CWE-22
8.8
2022-12-23 CVE-2022-43551 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
network
low complexity
haxx fedoraproject netapp splunk CWE-319
7.5
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
high complexity
haxx fedoraproject netapp apple splunk CWE-415
8.1
2022-10-29 CVE-2022-42916 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP.
network
low complexity
haxx fedoraproject apple splunk CWE-319
7.5
2022-08-23 CVE-2021-31566 Link Following vulnerability in multiple products
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8
2022-08-03 CVE-2022-35737 Improper Validation of Array Index vulnerability in multiple products
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
network
low complexity
sqlite netapp splunk CWE-129
7.5
2022-06-15 CVE-2022-32156 Improper Certificate Validation vulnerability in Splunk
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default.
network
high complexity
splunk CWE-295
8.1
2022-06-02 CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
network
low complexity
haxx debian netapp brocade splunk
7.5
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1