📦 Universal Forwarder

A vulnerability in curl versions before 7.88.0 causes HSTS (HTTP Strict Transport Security) to fail when processing multiple URLs sequentially on the same command line. This allows sensitive informati...

This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reusing a handle from a PUT to a POST request. Applications using libcurl for HTTP(S) transfers with re...

CVE-2022-32207 is a privilege escalation vulnerability in curl versions before 7.84.0 where file permission widening occurs during atomic file operations. When curl saves cookies, alt-svc, or hsts dat...

CVE-2021-3520 is an integer overflow vulnerability in the LZ4 compression library that allows attackers to trigger out-of-bounds writes by submitting crafted files. This can lead to application crashe...

This vulnerability allows non-administrator users on Windows systems to access the Splunk Universal Forwarder installation directory and all its contents due to incorrect permissions assignment during...

A vulnerability in curl versions before 8.0 allows attackers to inject malicious content during TELNET protocol negotiation when user input is accepted. This could lead to arbitrary code execution on ...

A path traversal vulnerability in curl's SFTP implementation allows attackers to bypass path filtering by using specially crafted paths containing tilde characters. This affects curl versions before 8...

This SQLite vulnerability allows array-bounds overflow when processing extremely large string arguments (billions of bytes) through certain C API functions. It affects applications using vulnerable SQ...

Splunk Enterprise and Universal Forwarder versions before 9.0 do not validate TLS certificates by default when the CLI connects to remote Splunk instances. This allows machine-in-the-middle attackers ...

The curl URL parser incorrectly accepts percent-encoded URL separators like '/' in hostnames, allowing attackers to bypass filters and checks by making malicious URLs appear legitimate. This affects a...

libcurl incorrectly reuses TLS/SSH connections when security settings have changed, potentially allowing sensitive data to be transmitted over less secure connections. This affects any application usi...

This curl vulnerability allows information disclosure when an attacker can force curl to reuse an existing IPv6 connection from the pool with a different zone identifier, potentially exposing sensitiv...

This vulnerability in curl versions before 7.83.1 could cause the wrong file to be deleted when using the --no-clobber option with --remove-on-error. It affects systems using curl with these specific ...

This vulnerability allows attackers to trick libcurl applications into using a malicious client certificate instead of the intended one when running in writable directories like /tmp. It affects appli...

This is a use-after-free vulnerability in Chrome's Blink XSLT processor that allows remote attackers to potentially exploit heap corruption. Attackers can craft malicious HTML pages to trigger memory ...

CVE-2021-22901 is a use-after-free vulnerability in curl/libcurl that allows a malicious TLS 1.3 server to potentially execute arbitrary code on the client. This affects curl clients using OpenSSL wit...