Vulnerabilities > Splunk > Universal Forwarder > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27536 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27537 Double Free vulnerability in multiple products
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles".
network
high complexity
haxx netapp broadcom splunk CWE-415
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-02-23 CVE-2023-23915 Cleartext Transmission of Sensitive Information vulnerability in multiple products
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel.
network
low complexity
haxx netapp splunk CWE-319
6.5
2023-02-23 CVE-2023-23916 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms.
network
low complexity
haxx fedoraproject debian netapp splunk CWE-770
6.5
2023-02-09 CVE-2022-43552 Use After Free vulnerability in multiple products
A use after free vulnerability exists in curl <7.87.0.
network
high complexity
haxx apple splunk CWE-416
5.9
2022-12-05 CVE-2022-35260 Out-of-bounds Write vulnerability in multiple products
curl can be told to parse a `.netrc` file for credentials.
network
low complexity
haxx netapp apple splunk CWE-787
6.5
2022-07-07 CVE-2022-32205 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them.
4.3
2022-07-07 CVE-2022-32206 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms.
6.5