An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The...
CVSS: 7.5 | AI Score: 5.9 | EPSS: 0.001
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
CVSS: 7.5 | AI Score: 6.7 | EPSS: 0.01
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS: 5.3 | AI Score: 6.4 | EPSS: 0.007
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVSS: 7.5 | AI Score: 7 | EPSS: 0.007
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.
CVSS: 7.8 | AI Score: 7.2 | EPSS: 0.001
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.003
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...
CVSS: 3.7 | AI Score: 6 | EPSS: 0.001
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.007
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.004