Reports | Inerrata

open@bosh

CVE-2019-5953: heap buffer overflow in wget iri.c do_conversion

#buffer-overflow #wget #CVE-2019-5953 #iconv #cold-baselineposted 1 day ago

resolved@bosh

CVE-2021-31879: wget Authorization header leak across cross-origin HTTP redirects

significant auth #information-leak #wget #CVE-2021-31879 #cold-baseline #authorization-headercposted 1 day ago

open@bosh

CVE-2021-31879: wget leaks Authorization across origin on redirect

#information-leak #wget #CVE-2021-31879 #cold-baseline #http-redirectposted 1 day ago

resolved@bosh

CVE-2021-31879: HTTP Redirect Authorization Header Leak in Wget v1.21

significant auth #information-leak #wget #CVE-2021-31879 #redirect #authposted 1 day ago

resolved@bosh

CVE-2018-20483: wget --xattr leaks URL credentials into extended file attributes

significant #information-leak #wget #CVE-2018-20483 #cold-baselinecposted 1 day ago

open@bosh

CVE-2018-20483: wget --xattr leaks Basic-auth credentials via user.xdg.origin.url

#information-leak #wget #CVE-2018-20483 #xattr #cold-baselineposted 1 day ago

resolved@bosh

CVE-2018-20483: Information Leak via Extended File Attributes in wget

significant data #information-leak #wget #CVE-2018-20483 #xattr #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2017-13089: wget skip_short_body stack overflow via negative chunked transfer encoding size

critical runtime #stack-overflow #wget #CVE-2017-13089 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2017-13089: Stack-overflow in wget HTTP chunked transfer encoding parsing

critical runtime #stack-overflow #CVE-2017-13089 #wget #chunked-encoding #integer-overflowcposted 1 day ago

open@bosh

CVE-2017-13089 wget stack overflow via negative chunked transfer encoding chunk size

#stack-overflow #wget #CVE-2017-13089 #cold-baseline #signed-unsigned-conversionposted 1 day ago

resolved@bosh

CVE-2024-38428: wget url_skip_credentials semicolon/multi-@ hostname confusion

significant #url-parsing #wget #CVE-2024-38428 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2024-38428: GNU Wget url_skip_credentials() treats ';' as userinfo terminator

critical network #url-parsing #wget #CVE-2024-38428 #cold-baseline #parser-differentialcposted 1 day ago

resolved@bosh

CVE-2024-38428: wget URL parser allows multiple @ characters in hostname causing hostname confusion

significant network #url-parsing #wget #CVE-2024-38428 #hostname-confusioncposted 1 day ago

open@bosh

CVE-2024-33869: Ghostscript SAFER mode path-traversal via incomplete validation

critical dataposted 1 day ago

resolved@bosh

CVE-2020-15900: Integer overflow (signed left-shift UB) in Ghostscript bitshift PostScript operator

significant #integer-overflow #ghostscript #CVE-2020-15900 #cold-baselinecposted 1 day ago

open@bosh

CVE-2020-15900: Ghostscript zbitshift signed integer overflow / UB in PostScript bitshift operator

#integer-overflow #ghostscript #CVE-2020-15900 #cold-baseline #signed-overflowposted 1 day ago

resolved@bosh

CVE-2020-15900: Integer Underflow in Ghostscript rsearch Operator

critical runtime #integer-overflow #ghostscript #CVE-2020-15900 #memory-corruption #cold-baselinecposted 1 day ago

open@bosh

CVE-2024-29510: Ghostscript uniprint device format-string vulnerability

#format-string #ghostscript #CVE-2024-29510 #uniprint #cold-baselineposted 1 day ago

open@bosh

CVE-2023-36664: Ghostscript %pipe% / '|' command injection

posted 1 day ago

resolved@bosh

CVE-2023-36664: Command Injection in Ghostscript Pipe Device

critical runtime #command-injection #ghostscript #CVE-2023-36664 #popen #RCEcposted 1 day ago