splunk universal forwarder

61 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-20298
>= 9.1.0 and < 9.1.9
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affect
8.0 HIGH
CVE-2023-27538
>= 8.2.0 and < 8.2.12
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection d
5.5 MEDIUM
CVE-2023-27537
>= 8.2.0 and < 8.2.12
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduce
5.9 MEDIUM
CVE-2023-27536
>= 8.2.0 and < 8.2.12
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously establishe
5.9 MEDIUM
CVE-2023-27535
>= 8.2.0 and < 8.2.12
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong crede
5.9 MEDIUM
CVE-2023-27534
>= 8.2.0 and < 8.2.12
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced whe
8.8 HIGH
CVE-2023-27533
>= 8.2.0 and < 8.2.12
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pa
8.8 HIGH
CVE-2023-23916
>= 8.2.0 and < 8.2.12
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compress
6.5 MEDIUM
CVE-2023-23915
>= 8.2.0 and < 8.2.12
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to beh
6.5 MEDIUM
CVE-2023-23914
>= 8.2.0 and < 8.2.12
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail w
9.1 CRITICAL
CVE-2022-43552
>= 8.2.0 and < 8.2.12
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through a
5.9 MEDIUM
CVE-2022-43551
>= 8.2.0 and < 8.2.12
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, c
7.5 HIGH
CVE-2022-35260
>= 8.2.0 and < 8.2.12
curl can be told to parse a .netrc file for credentials. If that file ends in a line with 4095 consecutive non-white space letter
6.5 MEDIUM
CVE-2022-32221
>= 8.2.0 and < 8.2.12
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, ev
9.8 CRITICAL
CVE-2022-36227
>= 8.2.0 and < 8.2.12
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL poi
9.8 CRITICAL
CVE-2022-42915
>= 8.2.0 and < 8.2.12
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the c
8.1 HIGH
CVE-2022-42916
>= 8.2.0 and < 8.2.12
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be in
7.5 HIGH
CVE-2022-35252
>= 8.2.0 and < 8.2.12
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are s
3.7 LOW
CVE-2021-31566
>= 8.2.0 and < 8.2.12
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and
7.8 HIGH
CVE-2022-37439
>= 8.1.0 and < 8.1.11
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file
5.5 MEDIUM
CVE-2022-35737
>= 8.2.0 and < 8.2.12
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string arg
7.5 HIGH
CVE-2022-32208
>= 8.2.0 and < 8.2.12
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possib
5.9 MEDIUM
CVE-2022-32207
>= 8.2.0 and < 8.2.12
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation
9.8 CRITICAL
CVE-2022-32206
>= 8.2.0 and < 8.2.12
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and p
6.5 MEDIUM
CVE-2022-32205
>= 8.2.0 and < 8.2.12
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of
4.3 MEDIUM
CVE-2022-32156
< 9.0
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS cer
8.1 HIGH
CVE-2022-30115
>= 8.2.0 and < 8.2.12
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HT
4.3 MEDIUM
CVE-2022-27782
>= 8.2.0 and < 8.2.12
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibi
7.5 HIGH
CVE-2022-27781
>= 8.2.0 and < 8.2.12
libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate
7.5 HIGH
CVE-2022-27780
>= 8.2.0 and < 8.2.12
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a
7.5 HIGH
CVE-2022-27779
>= 8.2.0 and < 8.2.12
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be
5.3 MEDIUM
CVE-2022-27778
>= 8.2.0 and < 8.2.12
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together
8.1 HIGH
CVE-2022-27776
>= 8.2.0 and < 8.2.12
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HT
6.5 MEDIUM
CVE-2022-27775
>= 8.2.0 and < 8.2.12
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in t
7.5 HIGH
CVE-2022-27774
>= 8.2.0 and < 8.2.12
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow
5.7 MEDIUM
CVE-2022-22576
>= 8.2.0 and < 8.2.12
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticate
8.1 HIGH
CVE-2021-22947
>= 8.2.0 and < 8.2.12
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t
5.9 MEDIUM
CVE-2021-22946
>= 8.2.0 and < 8.2.12
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (
7.5 HIGH
CVE-2021-22945
>= 8.2.0 and < 8.2.12
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an alr
9.1 CRITICAL
CVE-2021-22926
>= 8.2.0 and < 8.2.12
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLC
7.5 HIGH
CVE-2021-22925
>= 8.2.0 and < 8.2.12
curl supports the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl. This rarely used option is used to send va
5.3 MEDIUM
CVE-2021-22924
>= 8.2.0 and < 8.2.12
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup.
3.7 LOW
CVE-2021-22923
>= 8.2.0 and < 8.2.12
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink
5.3 MEDIUM
CVE-2021-22922
>= 8.2.0 and < 8.2.12
When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the met
6.5 MEDIUM
CVE-2021-30560
>= 8.2.0 and < 8.2.12
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corrupt
8.8 HIGH
CVE-2021-36976
>= 8.2.0 and < 8.2.12
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
6.5 MEDIUM
CVE-2021-22901
>= 8.2.0 and < 8.2.12
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3
8.1 HIGH
CVE-2021-22898
>= 8.2.0 and < 8.2.12
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS
3.1 LOW
CVE-2021-22897
>= 8.2.0 and < 8.2.12
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP
5.3 MEDIUM
CVE-2021-3520
>= 8.2.0 and < 8.2.12
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer
9.8 CRITICAL
CVE-2021-22890
>= 8.2.0 and < 8.2.12
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad han
3.7 LOW
CVE-2021-22876
>= 8.2.0 and < 8.2.12
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leak
5.3 MEDIUM
CVE-2020-8286
>= 8.2.0 and < 8.2.12
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O
7.5 HIGH
CVE-2020-8285
>= 8.2.0 and < 8.2.12
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa
7.5 HIGH
CVE-2020-8284
>= 8.2.0 and < 8.2.12
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p
3.7 LOW
CVE-2020-8231
>= 8.2.0 and < 8.2.12
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
7.5 HIGH
CVE-2020-8177
>= 8.2.0 and < 8.2.12
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwrit
7.8 HIGH
CVE-2020-8169
>= 8.2.0 and < 8.2.12
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leak
7.5 HIGH
CVE-2020-14155
>= 8.2.0 and < 8.2.12
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
5.3 MEDIUM
CVE-2019-20838
>= 8.2.0 and < 8.2.12
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed qu
7.5 HIGH
CVE-2019-20454
>= 8.2.0 and < 8.2.12
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin