Vulnerability search: Splunk Universal Forwarder

61 matches found

CVE-2022-32221 (added 2022/12/05 12:00 a.m., 1034 views)

CVE-2022-32221 concerns curl/libcurl: the read callback (CURLOPT_READFUNCTION) may be used to supply POST data even after the same handle was used for a PUT with that callback, which can send the wrong data or cause memory errors on the subsequent POST. Connected advisories note this affe...

CVSS 9.8 | AI score 8.6 | EPSS 0.04325

CVE-2022-43552 (added 2023/02/09 12:00 a.m., 915 views)

The CVE-2022-43552 vulnerability affects curl

CVSS 5.9 | AI score 6.2 | EPSS 0.02511

CVE-2022-43551 (added 2022/12/23 12:00 a.m., 792 views)

CVE-2022-43551 is a vulnerability in curl’s HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...

CVSS 7.5 | AI score 7.3 | EPSS 0.17011

CVE-2021-3520 (added 2021/06/02 12:32 p.m., 662 views)

CVE-2021-3520 affects the lz4 library and is caused by an integer overflow that can lead to memmove being called with a negative size, resulting in out-of-bounds writes or a crash. Documented impacts emphasize availability (with possible confidentiality/integrity impact). Concrete remediation det...

CVSS 9.8 | AI score 9.3 | EPSS 0.03216

CVE-2022-42916 (added 2022/10/29 12:00 a.m., 639 views)

CVE-2022-42916 affects curl’s HSTS check: when hostnames contain IDN characters that map to ASCII (e.g., IDEOGRAPHIC FULL STOP U+3002), curl can bypass HSTS and end up using HTTP instead of HTTPS. This could lead to cleartext transmission if an HTTP URL is provided. The issue is tied to curl vers...

CVSS 7.5 | AI score 8.3 | EPSS 0.01644

CVE-2022-36227 (added 2022/11/22 12:00 a.m., 617 views)

CVE-2022-36227 affects libarchive (before 3.6.2). The bug is a NULL pointer dereference caused by not checking the result of calloc, which can return NULL and lead to dereference. Some sources acknowledge that this could in rare circumstances permit arbitrary code execution if NULL is treated as ...

CVSS 9.8 | AI score 9.4 | EPSS 0.01936

CVE-2022-35252 (added 2022/09/23 12:00 a.m., 589 views)

CVE-2022-35252 affects curl’s handling of cookies containing control codes; when such cookies are echoed back to a server, the server may return 400 responses, effectively enabling a “sister site” to deny service to other siblings. Public advisories confirm this is fixed in curl updates across se...

CVSS 3.7 | AI score 4.7 | EPSS 0.01788

CVE-2023-23916 (added 2023/02/23 12:00 a.m., 559 views)

CVE-2023-23916 involves curl before 7.88.0 where an attacker could abuse the chained HTTP compression chain to create a degenerate decompression path. Although the cap on the number of links is per header, a malicious server can inject many headers to form an effectively unlimited decompression c...

CVSS 6.5 | AI score 6.7 | EPSS 0.01703

CVE-2023-23914 (added 2023/02/23 12:00 a.m., 554 views)

CVE-2023-23914 affects curl before 7.88.0, related to cleartext transmission and HSTS handling. The issue occurs when multiple URLs are requested serially on the same command line, where the HSTS state may not be carried forward, causing curl to unexpectedly use insecure HTTP despite HTTPS in the...

CVSS 9.1 | AI score 8.8 | EPSS 0.00858

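The three HSTS entries above (CVE-2022-42916 and CVE-2022-43551 on IDN dot characters, CVE-2023-23914 on state lost between serial transfers) share one root cause: the HSTS cache was consulted with a hostname that did not match the name the resolver would actually use, or was not consulted at all. The following is an added example, not curl's code, written in Python to make the two lookup strategies comparable. The cache class, the constructed response table and the `fetch_serially` loop are all assumptions of this example; the only behaviour borrowed from a real library is that Python's `idna` codec, like a resolver, treats U+3002 as a label separator.

```python
"""HSTS cache with hostname canonicalisation, shared across serial transfers.

Added example, not curl code. Constructed scenario: the client keeps an
HSTS cache keyed by hostname and consults it before every transfer.
  * The naive lookup compares the raw hostname string, so a URL written with
    U+3002 IDEOGRAPHIC FULL STOP ("example\u3002com") misses the entry for
    "example.com" even though the resolver will connect to the same host.
  * The hardened lookup canonicalises the name the way the resolver will
    (IDNA ToASCII, then lowercase) before both storing and looking up.
  * One cache object is carried across the whole list of URLs; creating a
    fresh cache per URL reproduces the "HSTS amnesia" between serial transfers.
"""
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed server behaviour: every https:// response from example.com
# carries a Strict-Transport-Security header.
CONSTRUCTED_RESPONSES = {
    "example.com": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
}


def canonical_host(host: str) -> str:
    """IDNA ToASCII + lowercase. Python's idna codec splits labels on U+002E,
    U+3002, U+FF0E and U+FF61, so "example\u3002com" -> "example.com"."""
    return host.encode("idna").decode("ascii").lower().rstrip(".")


class HSTSCache:
    def __init__(self, canonicalise: bool):
        self.canonicalise = canonicalise
        self._expiry = {}  # lookup key -> unix time the entry expires

    def _key(self, host: str) -> str:
        return canonical_host(host) if self.canonicalise else host

    def record(self, host: str, max_age: int) -> None:
        self._expiry[self._key(host)] = time.time() + max_age

    def is_hsts(self, host: str) -> bool:
        exp = self._expiry.get(self._key(host))
        return exp is not None and exp > time.time()

    def apply(self, url: str) -> str:
        """Upgrade an http:// URL to https:// when the host has a live HSTS entry."""
        p = urlsplit(url)
        if p.scheme == "http" and p.hostname and self.is_hsts(p.hostname):
            return urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))
        return url


def _parse_max_age(header: str) -> int:
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age":
            return int(value)
    return 0


def fetch_serially(urls, cache: HSTSCache):
    """Simulate `curl https://a/ http://a/` with one shared cache; return effective URLs."""
    effective = []
    for url in urls:
        url = cache.apply(url)
        effective.append(url)
        p = urlsplit(url)
        if p.scheme == "https" and p.hostname:
            hdrs = CONSTRUCTED_RESPONSES.get(canonical_host(p.hostname), {})
            sts = hdrs.get("Strict-Transport-Security")
            if sts:
                cache.record(p.hostname, _parse_max_age(sts))
    return effective


def fetch_with_fresh_cache_each(urls):
    """The amnesia variant: a new cache per URL, so earlier headers are forgotten."""
    return [fetch_serially([u], HSTSCache(canonicalise=True))[0] for u in urls]
```

With `canonicalise=False` the second URL `http://example。com/` stays on cleartext HTTP even though the first transfer recorded HSTS for `example.com`; with `canonicalise=True` it is upgraded. `fetch_with_fresh_cache_each` shows why a per-transfer cache is not enough: the header seen on the first URL has no effect on the second.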
CVE-2020-8286 (added 2020/12/14 7:39 p.m., 548 views)

The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...

CVSS 7.5 | AI score 7.6 | EPSS 0.04575

CVE-2022-35737 (added 2022/08/03 12:00 a.m., 515 views)

CVE-2022-35737 affects SQLite, with vulnerable versions 1.0.12–3.39.x, before 3.39.2. The issue is an array-bounds overflow triggered by very large string arguments to a C API, which can cause a crash and, in some advisories, potentially allow arbitrary code execution. The documented fix is to up...

CVSS 7.5 | AI score 7.8 | EPSS 0.19193

CVE-2021-22947 (added 2021/09/29 12:00 a.m., 493 views)

CVE-2021-22947 affects curl when connecting to IMAP/POP3 servers using STARTTLS: multiple responses are cached before TLS, and after upgrading to TLS curl may trust pre‑TLS data, enabling a MITM injection of data. Affected releases range from curl 7.20.0 up to 7.78.0; exploitation details are not...

CVSS 5.9 | AI score 7 | EPSS 0.02799

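The STARTTLS issue above is easiest to see as a protocol exchange. The following is an added example, not curl's code: a constructed IMAP-style client over an in-memory stream that stands in for a socket. The `ConstructedStream`, `ImapClient` and the `INJECTED`/`GENUINE` lines are all assumptions of this example; the attacker's ability to append cleartext after the server's `A1 OK` is the man-in-the-middle position the advisory describes.

```python
"""STARTTLS response pipelining (added example, not curl code).

Constructed scenario: an IMAP-style client reads server lines into a buffer
and upgrades to TLS after the server accepts STARTTLS. A man in the middle on
the cleartext leg appends extra lines behind the legitimate "OK begin TLS"
reply. A client that keeps its pre-TLS read buffer across the upgrade hands
those attacker lines to the post-TLS parser as though the authenticated
server had sent them. The hardened client fails closed on any bytes that were
already buffered when the upgrade happens.
"""


class PipeliningError(Exception):
    pass


class ConstructedStream:
    """Stands in for a socket: serves cleartext bytes, then TLS-protected bytes."""

    def __init__(self, cleartext: bytes, tls_payload: bytes):
        self._buf = cleartext
        self._tls_payload = tls_payload
        self.upgraded = False

    def recv(self, n: int = 4096) -> bytes:
        chunk, self._buf = self._buf[:n], self._buf[n:]
        return chunk

    def upgrade_to_tls(self) -> None:
        # A real client runs the TLS handshake here; the constructed stream
        # simply switches to the bytes the genuine server sends under TLS.
        self.upgraded = True
        self._buf = self._tls_payload


class ImapClient:
    def __init__(self, stream: ConstructedStream, drop_pretls_buffer: bool):
        self.stream = stream
        self.drop_pretls_buffer = drop_pretls_buffer
        self.rbuf = b""

    def readline(self) -> str:
        while b"\r\n" not in self.rbuf:
            chunk = self.stream.recv()
            if not chunk:
                raise EOFError("connection closed")
            self.rbuf += chunk
        line, _, self.rbuf = self.rbuf.partition(b"\r\n")
        return line.decode("ascii", "replace")

    def starttls(self) -> None:
        # The client's "A1 STARTTLS" command is implied; the stream already
        # holds the server's reply.
        reply = self.readline()
        if not reply.startswith("A1 OK"):
            raise PipeliningError("server refused STARTTLS: " + reply)
        if self.rbuf:
            # Anything here arrived in cleartext after the OK: either the
            # server pipelined (not allowed) or a MITM injected it.
            if self.drop_pretls_buffer:
                raise PipeliningError("unexpected cleartext data before TLS upgrade")
            # Vulnerable behaviour: silently keep it and parse it post-TLS.
        self.stream.upgrade_to_tls()

    def capability(self) -> str:
        # "A2 CAPABILITY" is implied; return the untagged response line.
        return self.readline()


SERVER_OK = b"A1 OK Begin TLS negotiation now.\r\n"
INJECTED = b"* CAPABILITY IMAP4rev1 AUTH=LOGIN INJECTED\r\n"   # constructed MITM line
GENUINE = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"             # constructed server reply under TLS


def run_session(injected: bool, drop_pretls_buffer: bool) -> str:
    """Return the CAPABILITY line the client acts on, or raise PipeliningError."""
    cleartext = SERVER_OK + (INJECTED if injected else b"")
    client = ImapClient(ConstructedStream(cleartext, GENUINE), drop_pretls_buffer)
    client.starttls()
    return client.capability()
```

The vulnerable client acts on the injected CAPABILITY line (here steering the client toward a weaker authentication mechanism); the hardened client refuses to upgrade when anything is already sitting in the buffer, which is the conservative choice because a conforming server never pipelines after accepting STARTTLS.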
CVE-2020-8177 (added 2020/12/14 7:42 p.m., 485 views)

CVE-2020-8177 affects curl up to 7.70.0, where -J/--remote-header-name combined with -i/--include could allow a malicious server to overwrite a local file due to improper restriction of file names. Connected advisories confirm this vulnerability across distributions (Debian, CentOS, Alpine, Amazo...

CVSS 7.8 | AI score 7.2 | EPSS 0.01236

CVE-2023-23915 (added 2023/02/23 12:00 a.m., 481 views)

CVE-2023-23915 affects curl (HSTS handling). Connected distribution advisories list affected package builds (rust 1.59.0-1, mysql 8.0.32-1, cmake 3.21.4-3, and tensorflow before 2.16.1-1, rust before 1.72.0-2, cmake before 3.28.2-1) and the rebuilt packages that resolve the issue (tensorflow 2.16.1-1, cmake 3.28.2-1 and mysql 8.0.33-1 or later). The initial curl CVE description documents a separate HST...

CVSS 6.5 | AI score 6.2 | EPSS 0.00861

CVE-2021-22924 (added 2021/08/05 8:16 p.m., 455 views)

CVE-2021-22924 (libcurl connection reuse flaw): the issue arises when libcurl reuses connections from its pool without correctly accounting for the issuer certificate and with path comparisons that are case-insensitive. This can cause a transfer to use the wrong, previously opened connection. Pu...

CVSS 4.3 | AI score 5.7 | EPSS 0.0627

CVE-2021-22925 (added 2021/08/05 12:00 a.m., 455 views)

CVE-2021-22925 affects curl/libcurl’s TELNET OPTION handling (-t / CURLOPT_TELNETOPTIONS). A flaw in the option parser for NEW_ENV variables can cause uninitialized data from a stack buffer to be sent to the server, due to incorrect sscanf usage when parsing the provided string. This could reveal...

CVSS 5.3 | AI score 6.3 | EPSS 0.04929

CVE-2021-22876 (added 2021/04/01 5:45 p.m., 442 views)

Connected documents confirm that CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leaking the credentials to the server of the second request. The root cause is improper handling of cred...

CVSS 5.3 | AI score 5.7 | EPSS 0.05301

CVE-2021-22946 (added 2021/09/29 12:00 a.m., 413 views)

CVE-2021-22946 affects curl 7.20.0 through 7.78.0 (fixed in 7.79.0), where the --ssl-reqd option or the CURLOPT_USE_SSL control could be bypassed by a specially crafted server response, allowing curl to continue without TLS. Connected sources confirm this flaw exists across multiple eco...

CVSS 7.5 | AI score 7.6 | EPSS 0.04224

CVE-2020-8231 (added 2020/12/14 7:39 p.m., 412 views)

CVE-2020-8231 affects libcurl/curl: a dangling pointer could cause the library to use the wrong connection when CURLOPT_CONNECT_ONLY is set, potentially leading to information leaks. Public references in the provided connected docs show affected curl/libcurl versions ranging from 7.29.0 through 7...

CVSS 7.5 | AI score 7.5 | EPSS 0.03721

CVE-2021-30560 (added 2021/08/03 12:00 a.m., 406 views)

CVE-2021-30560 is a use-after-free vulnerability in the Blink XSLT component of the Chromium/Google Chrome rendering engine prior to version 91.0.4472.164. The documented impact is potential heap corruption/execution of arbitrary code via a crafted HTML page. Connected advisories consistently ref...

CVSS 8.8 | AI score 9 | EPSS 0.21623

CVE-2021-22898 (added 2021/06/11 3:49 p.m., 404 views)

CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...

CVSS 3.1 | AI score 5.3 | EPSS 0.04385

CVE-2022-27776 (added 2022/06/01 12:00 a.m., 401 views)

CVE-2022-27776 is a curl vulnerability where credentials could be leaked during HTTP redirects to the same host on a different port. Root cause: insufficiently protected credentials in redirect handling. Impact: potential exposure of authentication or cookie headers. Affected: curl/libcurl across...

CVSS 6.5 | AI score 7.3 | EPSS 0.03425

CVE-2020-8285 (added 2020/12/14 7:39 p.m., 395 views)

CVE-2020-8285 is a curl/libcurl vulnerability in the FTP wildcard match parsing. The issue triggers uncontrolled recursion leading to a stack overflow when the internal callback returns CURL_CHUNK_BGN_FUNC_SKIP repeatedly, potentially causing a crash. Affected software includes curl/libcurl from ...

CVSS 7.5 | AI score 7.7 | EPSS 0.09917

CVE-2020-8169 (added 2020/12/14 7:41 p.m., 392 views)

CVE-2020-8169 affects curl/libcurl 7.62.0–7.70.0. Root cause: libcurl could be tricked into prepending part of a password to the host name before DNS resolution, potentially leaking a partial password over the network and to DNS servers. Impact: information disclosure of partial credentials. Affe...

CVSS 7.5 | AI score 7 | EPSS 0.03427

CVE-2020-8284 (added 2020/12/14 7:38 p.m., 385 views)

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

CVSS 4.3 | AI score 6 | EPSS 0.03851

CVE-2022-27782 (added 2022/06/01 12:00 a.m., 369 views)

CVE-2022-27782 affects curl/libcurl: it can reuse a previously created connection when TLS/SSH-related options were changed, due to incomplete configuration-matching checks. Connected advisories confirm this issue across multiple platforms (AIX, Amazon Linux, CloudLinux/CentOS, Cloud Foundry) and...

CVSS 7.5 | AI score 7.8 | EPSS 0.02596

CVE-2021-22890 (added 2021/04/01 5:46 p.m., 358 views)

CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...

CVSS 4.3 | AI score 4.9 | EPSS 0.03141

CVE-2022-27780 (added 2022/06/01 12:00 a.m., 348 views)

CVE-2022-27780 affects curl: the URL parser can wrongly decode percent-encoded separators in the host portion, causing a URL like http://example.com%2F127.0.0.1/ to be interpreted as http://example.com/127.0.0.1/, potentially bypassing filters. Affected software is curl (core library). The flaw’s...

CVSS 7.5 | AI score 7.2 | EPSS 0.02187

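The filter bypass in CVE-2022-27780 comes from the order of operations: percent-decoding the authority before honouring the `/` separator turns one host into another. The following is an added example, not curl's URL API, written in Python. It reproduces that flawed order in `lenient_split` (which turns the page's `http://example.com%2F127.0.0.1/` into host `example.com`, path `/127.0.0.1/`) and then generalises to the SSRF-style case a practitioner cares about: a regex allowlist that looks at the raw URL is paired with the lenient parser, so `http://127.0.0.1%2Fexample.com/` passes the filter and is fetched from 127.0.0.1. `ALLOWED_HOSTS`, the regex and both fetch functions are assumptions of this example.

```python
"""Percent-encoded separators in the host (added example, not curl code).

Constructed scenario: an application only lets users fetch from ALLOWED_HOSTS.
A regex that checks the authority ends in example.com, combined with a URL
parser that percent-decodes the authority *before* honouring separators,
can be steered to a different host. The hardened path parses first and
rejects any percent-encoding in the authority at all.
"""
import re
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"example.com"}


def lenient_split(url: str):
    """Mimic the flawed order of operations: decode the authority, then split on '/'.

    "http://example.com%2F127.0.0.1/" -> ("example.com", "/127.0.0.1/")
    "http://127.0.0.1%2Fexample.com/" -> ("127.0.0.1", "/example.com/")
    """
    _scheme, _, rest = url.partition("://")
    authority_raw, slash, remainder = rest.partition("/")
    decoded = unquote(authority_raw)           # '%2F' becomes a real '/'
    host, _, spill = decoded.partition("/")    # ...which now acts as a separator
    path = ("/" + spill if spill else "") + slash + remainder
    return host.lower(), path or "/"


def strict_host(url: str) -> str:
    """Parse with separators intact; refuse anything percent-encoded in the authority."""
    p = urlsplit(url)                          # urlsplit never decodes the netloc
    if "%" in p.netloc:
        raise ValueError("percent-encoding is not valid in the host part: %r" % p.netloc)
    return (p.hostname or "").lower()


def naive_filter_allows(url: str) -> bool:
    # Common but wrong: matches the raw text, and '[^/]*' happily swallows '%2F'.
    return re.match(r"^https?://[^/]*example\.com(?:/|$)", url) is not None


def vulnerable_fetch_target(url: str):
    """Host that would actually be contacted after the naive filter, or None if blocked."""
    if not naive_filter_allows(url):
        return None
    host, _path = lenient_split(url)
    return host


def hardened_fetch_target(url: str):
    """Host that would be contacted after strict parsing plus an exact allowlist, or None."""
    try:
        host = strict_host(url)
    except ValueError:
        return None
    return host if host in ALLOWED_HOSTS else None
```

The hardened path makes two independent changes, and both matter: the host is extracted by a parser that keeps separators literal, and the allowlist is an exact-match set on that extracted host rather than a regex over the raw string. Rejecting any `%` in the authority is deliberate; there is no legitimate reason for a percent-encoded byte to appear in a DNS hostname.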
CVE-2021-22922 (added 2021/08/05 12:00 a.m., 346 views)

CVE-2021-22922 affects curl’s Metalink download flow: when multiple URLs are provided and a breached server returns content whose hash does not match the Metalink file, the mismatching data is not discarded, so potentially malicious data is kept on disk. Public advisories and vendor bulletins confirm patches in patched curl rele...

CVSS 6.5 | AI score 6.6 | EPSS 0.04313

CVE-2021-22945 (added 2021/09/23 12:00 a.m., 343 views)

CVE-2021-22945 affects libcurl/curl when sending data to an MQTT server: in some cases a pointer to freed memory could be reused and freed again, a use-after-free/double-free in libcurl. What is affected: libcurl/curl (MQTT data transmission scenarios) with vul...

CVSS 9.1 | AI score 8.9 | EPSS 0.06216

CVE-2021-22923 (added 2021/08/05 12:00 a.m., 334 views)

CVE-2021-22923 affects curl's metalink feature: when downloading a metalink XML with user credentials, those credentials are subsequently passed to each server curl contacts, potentially leaking credentials to multiple endpoints. Technical details across sources confirm this credential exposure ...

CVSS 5.3 | AI score 6.1 | EPSS 0.01843

CVE-2022-42915 (added 2022/10/29 12:00 a.m., 326 views)

CVE-2022-42915 affects curl. A double-free can occur in curl 7.77.0 and later when using an HTTP proxy for non-HTTP(S) URLs, if the proxy returns a non-200 status and the URL uses schemes such as dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The error/cleanup path may trigger the me...

CVSS 8.1 | AI score 8.9 | EPSS 0.02927

CVE-2020-14155 (added 2020/06/15 12:00 a.m., 324 views)

CVE-2020-14155 concerns the PCRE library: libpcre in PCRE versions prior to 8.44 allows an integer overflow when parsing a large number after a (?C substring. The issue is the result of an input validation/overflow bug in PCRE’s handling of certain regular expressions, potentially enabling memory...

CVSS 5.3 | AI score 6.4 | EPSS 0.04182

CVE-2023-27534 (added 2023/03/30 12:00 a.m., 324 views)

CVE-2023-27534 affects curl’s SFTP path handling in versions before 8.0.0, where tilde (~) processing can be misapplied when prefixing the first path element (e.g., /~2/foo). This can allow bypassing path filters or accessing unintended locations on the targeted server; the issue is tied to th...

CVSS 8.8 | AI score 8.8 | EPSS 0.02195

CVE-2022-27781 (added 2022/06/01 12:00 a.m., 323 views)

CVE-2022-27781 affects libcurl builds using NSS; due to an erroneous function, a malicious server could cause libcurl to enter a never-ending busy-loop when retrieving certificate information, impacting availability. Affected advisories suggest upgrading curl/libcurl to a patched version (e.g., n...

CVSS 7.5 | AI score 7.4 | EPSS 0.02434

CVE-2022-32206 (added 2022/07/07 12:00 a.m., 317 views)

CVE-2022-32206 affects curl

CVSS 6.5 | AI score 7.9 | EPSS 0.3197

CVE-2022-27774 (added 2022/06/01 12:00 a.m., 313 views)

CVE-2022-27774 affects curl. The vulnerability is described as an insufficiently protected credentials issue where credentials could be leaked during HTTP(S) redirects when authentication is involved, potentially leaking to other hosts across different protocols or ports. Connected advisories sho...

CVSS 5.7 | AI score 6.7 | EPSS 0.01595

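Three entries in this listing are about the same discipline: what a client may carry from one request to the next in a redirect chain. CVE-2021-22876 (above) is the Referer header echoing the previous URL including its `user:pass@` part; CVE-2022-27776 and CVE-2022-27774 are Authorization and Cookie headers following a redirect to the same host on a different port, or a different scheme. The following is an added example, not curl's code, written in Python. The redirect table, the `follow` loop and the header names in `SENSITIVE` are assumptions of this example; the rule it enforces is that credentials follow only when scheme, host and port all match.

```python
"""Credential hygiene when following redirects (added example, not curl code).

Covers two behaviours from the listing: the Referer header must not carry the
userinfo of the previous URL (CVE-2021-22876), and Authorization/Cookie
headers must not follow a redirect to a different origin, including the same
host on a different port or scheme (CVE-2022-27774, CVE-2022-27776).
Constructed scenario: a tiny redirect follower driven by a constructed table
of redirects instead of real HTTP.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SENSITIVE = ("Authorization", "Cookie", "Proxy-Authorization")

# Constructed redirect chain: login -> same host, other port -> same host, plain http
CONSTRUCTED_REDIRECTS = {
    "https://user:secret@api.example.com/login": "https://api.example.com:8443/step2",
    "https://api.example.com:8443/step2": "http://api.example.com/step3",
}


def origin(url: str):
    """(scheme, host, port) with the default port filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def referer_for(url: str) -> str:
    """Drop userinfo and fragment before echoing a URL back as Referer."""
    p = urlsplit(url)
    netloc = p.hostname or ""
    if p.port:
        netloc += ":%d" % p.port
    return urlunsplit((p.scheme, netloc, p.path, p.query, ""))


def headers_for_hop(prev_url: str, next_url: str, auth_headers: dict, strict: bool) -> dict:
    """Headers for the next request in a redirect chain.

    strict=False reproduces the pre-fix behaviour: Referer is the previous
    URL verbatim, and credentials follow whenever only the hostname matches.
    strict=True sends a scrubbed Referer and forwards credentials only when
    scheme, host and port are all identical.
    """
    hdrs = {"Referer": referer_for(prev_url) if strict else prev_url}
    same_origin = origin(prev_url) == origin(next_url)
    same_host = origin(prev_url)[1] == origin(next_url)[1]
    allowed = same_origin if strict else same_host
    if allowed:
        hdrs.update({k: v for k, v in auth_headers.items() if k in SENSITIVE})
    return hdrs


def follow(start: str, auth_headers: dict, strict: bool):
    """Return the list of (url, headers) pairs the client would send."""
    sent = []
    url, headers = start, dict(auth_headers)
    while True:
        sent.append((url, headers))
        nxt = CONSTRUCTED_REDIRECTS.get(url)
        if nxt is None:
            return sent
        headers = headers_for_hop(url, nxt, auth_headers, strict)
        url = nxt
```

With `strict=False` the second request carries `Referer: https://user:secret@api.example.com/login` and the bearer token to port 8443, and the third request carries the token over plain HTTP. With `strict=True` the Referer is scrubbed and the token stops at the first hop because the port changed.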
CVE-2022-32208 (added 2022/07/07 12:00 a.m., 313 views)

CVE-2022-32208 affects curl when performing FTP transfers secured by krb5 prior to version 7.84.0. The vulnerability arises from how message verification failures are handled during krb5-secured FTP transfers, enabling a man-in-the-middle to go unnoticed and potentially inject data to the client....

CVSS 5.9 | AI score 7.4 | EPSS 0.05595

CVE-2022-32207 (added 2022/07/07 12:00 a.m., 306 views)

CVE-2022-32207 affects curl: when saving cookies, alt-svc and HSTS data, the final rename can widen target file permissions, exposing updates to more users. Affected versions are curl before 7.84.0; remediation is to upgrade to 7.84.0 or newer (as indicated by multiple advisories).

CVSS 9.8 | AI score 8.9 | EPSS 0.05481

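The "rename widens permissions" pattern in CVE-2022-32207 is a general temp-file-plus-rename mistake, not something specific to cookie jars. The following is an added example, not curl's code, written in Python: `save_unsafe` reproduces the mistake and `save_safe` shows the fix. The file name, the pinned umask in `demo` and the constructed cookie-jar contents are assumptions of this example; the mode values it asserts (0644 from `open()` under umask 022, 0600 from an explicit `os.open` mode) are standard POSIX behaviour.

```python
"""Rewriting a private file without widening its permissions (added example, not curl code).

Constructed scenario: a cookie jar created with mode 0600 is rewritten by
writing a temporary file and renaming it over the original. save_unsafe()
creates the temporary file with open(), which honours only the process umask
(0644 under the usual 022), so the rename replaces the private file with a
world-readable one. save_safe() creates the temporary file with an explicit
0600 mode and then copies the existing target's mode, so the rename can
never loosen access.
"""
import os
import shutil
import stat
import tempfile


def file_mode(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)


def save_unsafe(path: str, data: bytes) -> None:
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:      # mode 0666 & ~umask, typically 0644
        f.write(data)
    os.replace(tmp, path)            # atomic, but the new inode keeps 0644


def save_safe(path: str, data: bytes) -> None:
    tmp = path + ".tmp"
    # Start private; O_EXCL refuses to reuse a pre-planted temp file.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
            # If the target already exists, inherit its mode rather than widen it.
            try:
                os.fchmod(f.fileno(), file_mode(path))
            except FileNotFoundError:
                pass
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def demo(save) -> int:
    """Create a 0600 file, rewrite it with `save`, return the resulting mode bits."""
    old_umask = os.umask(0o022)     # pin the umask so the result is deterministic
    d = tempfile.mkdtemp()
    try:
        path = os.path.join(d, "cookies.txt")
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT, 0o600))
        save(path, b"# constructed cookie jar\r\n")
        with open(path, "rb") as f:
            assert f.read() == b"# constructed cookie jar\r\n"
        return file_mode(path)
    finally:
        shutil.rmtree(d, ignore_errors=True)
        os.umask(old_umask)
```

`demo(save_unsafe)` returns 0o644 and `demo(save_safe)` returns 0o600 on a POSIX filesystem. The safe version still gets the atomic-replace property the unsafe one was after; it just chooses the new inode's mode explicitly instead of letting the umask decide.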
CVE-2022-35260 (added 2022/12/05 12:00 a.m., 299 views)

CVE-2022-35260 affects curl. When curl parses a .netrc file for credentials, if the file ends with a line of 4095 consecutive non-whitespace characters and no newline, curl could read past the end of a stack-based buffer and, if the read succeeds, write a zero byte beyond its boundary, causing a ...

CVSS 6.5 | AI score 7.5 | EPSS 0.01761

CVE-2022-22576 (added 2022/05/26 12:00 a.m., 298 views)

CVE-2022-22576 is an improper authentication vulnerability in curl 7.33.0 through 7.82.0 that may allow reuse of OAuth2-authenticated connections without confirming the credentials used for the transfer, affecting SASL-enabled protocols (SMTP(S), IMAP(S), POP3(S), LDAP(S) via OpenLDAP). The root...

CVSS 8.1 | AI score 8 | EPSS 0.01914

CVE-2021-22926 (added 2021/08/05 12:00 a.m., 296 views)

CVE-2021-22926 affects curl/libcurl where the certificate named by CURLOPT_SSLCERT can be spoofed when libcurl uses macOS Secure Transport. An attacker who can write to the current working directory can cause the app to select a file-based cert over a named cert, resulting in the wrong client certificate being sent in TLS hands...

CVSS 7.5 | AI score 7.2 | EPSS 0.0982

CVE-2019-20838 (added 2020/06/15 4:50 p.m., 291 views)

CVE-2019-20838 is a PCRE/PCRE2 vulnerability where libpcre had a subject buffer over-read during JIT compilation in non-UTF mode when the pattern uses \X or \R with more than one fixed quantifier. Affected versions are PCRE before 8.43; remediation is to upgrade to a patched PCRE (8.43 or later;...

CVSS 7.5 | AI score 6.7 | EPSS 0.0277

CVE-2019-20454 (added 2020/02/14 12:00 a.m., 288 views)

CVE-2019-20454 is a PCRE2 out-of-bounds read vulnerability triggered when the pattern \X is JIT-compiled and matched in non-UTF mode. The flaw occurs in do_extuni_no_utf inside pcre2_jit_compile.c and can cause an application crash when parsing untrusted input. Affected history and related adviso...

CVSS 7.5 | AI score 5.9 | EPSS 0.01522

CVE-2022-27775 (added 2022/06/01 12:00 a.m., 285 views)

Curl contains an information‑disclosure flaw (CVE-2022-27775) in versions 7.65.0–7.82.0 where an IPv6 address from the pool could be reused with a different zone id, enabling potential leakage through connection reuse. Affected platforms in connected advisories indicate curl/libcurl fixes have be...

CVSS 7.5 | AI score 7.1 | EPSS 0.02794

CVE-2023-27535 (added 2023/03/30 12:00 a.m., 284 views)

CVE-2023-27535 affects libcurl

CVSS 5.9 | AI score 7.3 | EPSS 0.01607

CVE-2021-31566 (added 2022/08/23 12:00 a.m., 278 views)

CVE-2021-31566 affects the libarchive library and is documented across multiple advisories. The flaw is an improper link resolution during archive extraction that can change file modes, times, ACLs and flags of files outside the archive, potentially enabling a local privilege escalation. Connecte...

CVSS 7.8 | AI score 7.7 | EPSS 0.00366

CVE-2023-27536 (added 2023/03/30 12:00 a.m., 274 views)

CVE-2023-27536 affects libcurl

CVSS 5.9 | AI score 7 | EPSS 0.01566

CVE-2023-27533 (added 2023/03/30 12:00 a.m., 272 views)

CVE-2023-27533 affects curl before 8.0.0; distribution advisories such as ALAS2-2023-2070 ship fixed packages at version 8.0.1 or later. No exploitation status is provided in the sources; assess risk based on environment and patch availability.

CVSS 9.8 | AI score 8.8 | EPSS 0.01993

CVE-2021-22901 (added 2021/06/11 3:49 p.m., 264 views)

CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...

CVSS 8.1 | AI score 8.2 | EPSS 0.60122

Total number of security vulnerabilities: 61