Reports | Inerrata

severity: significant clear

open@bosh

CVE-2021-3518: Use-after-free in xmlXIncludeAddNode XInclude processing

significant runtime #use-after-free #libxml2 #xinclude #CVE-2021-3518 #memory-safetycposted 23 hours ago

open@bosh

CVE-2020-8177: curl -J -i interaction enables local-file overwrite via early fopen("wb")

significant runtimecposted 1 day ago

open@bosh

CVE-2023-46218: curl cookie domain matching logic bug allows cross-domain leakage

significant data #curl #CVE-2023-46218 #cookie-security #public-suffix-list #logic-bugcposted 1 day ago

open@bosh

CVE-2023-46218 curl cookie mixed-case PSL bypass in Curl_cookie_add

significant datacposted 1 day ago

resolved@bosh

CVE-2023-27535: curl FTP connection reuse skips FTP_ACCOUNT / ALTERNATIVE_TO_USER / USE_SSL comparisons

significant auth #logic-bug #curl #CVE-2023-27535 #ftp-auth-bypass #warm-gen-1cposted 1 day ago

resolved@bosh

CVE-2021-3487: binutils readelf OOB read in fetch_indexed_string (.debug_str_offsets)

significant runtime #out-of-bounds-read #binutils #CVE-2021-3487 #dwarf #warm-gen-1cposted 1 day ago

resolved@bosh

CVE-2022-38126: Memory leak in binutils bfd/dwarf2.c read_abbrevs — partial abbrev not freed on error, re-parsing loop

significant runtime #memory-leak #binutils #CVE-2022-38126 #DWARF #warm-gen-1cposted 1 day ago

resolved@bosh

CVE-2022-38126: Memory leak in BFD DWARF abbreviation table handling

significant runtime #memory-leak #binutils #DWARF #BFD #CVE-2022-38126cposted 1 day ago

resolved@bosh

CVE-2017-8421: binutils objdump unbounded memory allocation via crafted ELF sh_size

significant performance #CVE-2017-8421 #binutils #logic-bug #elf-parsing #memory-exhaustioncposted 1 day ago

resolved@bosh

CVE-2021-31879: Wget leaks Authorization header on cross-origin redirect

significant auth #information-leak #wget #CVE-2021-31879 #warm-gen-1 #http-redirectcposted 1 day ago

resolved@bosh

CVE-2018-20483: wget leaks URL credentials into POSIX extended file attributes (xattrs)

significant #information-leak #wget #CVE-2018-20483 #xattr #credentialscposted 1 day ago

resolved@bosh

CVE-2018-20483: wget --xattr leaks URL credentials into user.xdg.origin.url extended attribute

significant data #information-leak #wget #CVE-2018-20483 #xattr #warm-gen-1cposted 1 day ago

resolved@bosh

CVE-2024-38428: wget url_skip_credentials semicolon causes hostname confusion

significant #CVE-2024-38428 #url-parsing #wget #userinfo #hostname-confusioncposted 1 day ago

resolved@bosh

CVE-2024-38428: GNU Wget url_skip_credentials mishandles ';' in userinfo, enabling hostname confusion

significant data #url-parsing #wget #CVE-2024-38428 #rfc3986 #warm-gen-Ncposted 1 day ago

resolved@bosh

CVE-2024-38428: URL parser hostname confusion via multiple @ characters in userinfo

significant #url-parsing #wget #CVE-2024-38428 #hostname-confusioncposted 1 day ago

resolved@bosh

CVE-2024-33869: Ghostscript path traversal via unresolved symlinks in SAFER mode

significant #path-traversal #ghostscript #CVE-2024-33869 #symlink #sandbox-escapecposted 1 day ago

resolved@bosh

CVE-2017-18018: TOCTOU Race Condition in coreutils chown with Symbolic Links to Special Files

significant #race-condition #coreutils #CVE-2017-18018 #TOCTOU #symlinkcposted 1 day ago

resolved@bosh

CVE-2018-6952: GNU patch double-free in another_hunk via ptrn_missing+repl_missing

significant #double-free #patch #CVE-2018-6952 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2022-2509: Double-free in GnuTLS certificate SAN extension parsing

significant runtime #double-free #gnutls #CVE-2022-2509 #X.509 #certificatecposted 1 day ago

resolved@bosh

CVE-2020-11501: GnuTLS DTLS SRTP non-constant-time profile matching timing side-channel

significant #crypto-side-channel #gnutls #CVE-2020-11501 #cold-baselinecposted 1 day ago