Vulnerabilities > Splunk > Universal Forwarder > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-14 CVE-2020-8231 Use After Free vulnerability in multiple products
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
network
low complexity
haxx siemens debian oracle splunk CWE-416
7.5
2020-12-14 CVE-2020-8177 Injection vulnerability in multiple products
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
local
low complexity
haxx debian fujitsu siemens splunk CWE-74
7.8
2020-12-14 CVE-2020-8169 Information Exposure vulnerability in multiple products
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
network
low complexity
haxx siemens debian splunk CWE-200
7.5
2020-06-15 CVE-2019-20838 Out-of-bounds Read vulnerability in multiple products
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
network
low complexity
pcre apple splunk CWE-125
7.5
2020-02-14 CVE-2019-20454 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode.
network
low complexity
pcre fedoraproject splunk CWE-125
7.5