Universal Forwarder Security Vulnerabilities and Issues — Page 2 of Universal Forwarder CVE List

Lucene search

SplunkUniversal Forwarder

60 matches found

CVE•added 2023/03/30 8:15 p.m.•205 views

CVE-2023-27533

A vulnerability in input validation exists in curl

8.8CVSS8.8AI score0.00098EPSS

CVE•added 2022/06/02 2:15 p.m.•193 views

CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix List awareness. If PSL support not provided, a more rudimentary check ...

5.3CVSS6.1AI score0.00172EPSS

CVE•added 2022/06/02 2:15 p.m.•192 views

CVE-2022-27778

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error.

8.1CVSS7.8AI score0.00539EPSS

CVE•added 2020/02/14 2:15 p.m.•189 views

CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The...

7.5CVSS5.9AI score0.00121EPSS

CVE•added 2022/06/02 2:15 p.m.•186 views

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the ...

4.3CVSS5.4AI score0.00045EPSS

CVE•added 2023/03/30 8:15 p.m.•183 views

CVE-2023-27538

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent ...

7.7CVSS7.1AI score0.00012EPSS

CVE•added 2021/06/11 4:15 p.m.•165 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.5AI score0.00761EPSS

CVE•added 2023/03/30 8:15 p.m.•107 views

CVE-2023-27537

A double free vulnerability exists in libcurl

5.9CVSS5.7AI score0.00053EPSS

CVE•added 2022/08/16 9:15 p.m.•102 views

CVE-2022-37439

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed...

5.5CVSS5.4AI score0.00058EPSS

CVE•added 2022/06/15 5:15 p.m.•81 views

CVE-2022-32156

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI http...

8.1CVSS8.2AI score0.00185EPSS

Total number of security vulnerabilities60