FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-15 08:21:43 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 06f142ff-4df3-11d9-a9e7-0001020eed82
Description: wget -- multiple vulnerabilities

Jan Minar reports that there exist multiple vulnerabilities in wget:

Wget erroneously thinks that the current directory is fair game, and will happily write to any file in and below it. A malicious HTTP response or malicious HTML file can redirect wget to a file that is vital to the system, and wget will create/append/overwrite it.

Wget apparently has at least two methods of "sanitizing" the potentially malicious data it receives from the HTTP stream, therefore malicious redirects can pass the check. We haven't found a way to trick wget into writing above the parent directory, which doesn't mean it's not possible.

Malicious HTTP response can overwrite parts of the terminal so that the user will not notice anything wrong, or will believe the error was not fatal.


Discovery 2004-12-09
Entry 2004-12-14
Modified 2005-04-15
Affects: wget, wget-devel: < 1.10.a1
Affects: wgetpro, wget+ipv6: ge 0
References:
CVE-2004-1487
CVE-2004-1488
11871
http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384
http://bugs.debian.org/261755
VuXML ID: 09849e71-bb12-11e7-8357-3065ec6f3643
Description: wget -- Stack overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja report:

Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.


Discovery 2017-10-20
Entry 2017-10-27
Affects: wget: < 1.19.2
References:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13089
VuXML ID: 479c5b91-b6cc-11e6-a04e-3417eb99b9a0
Description: wget -- Access List Bypass / Race Condition

Dawid Golunski reports:

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter.


Discovery 2016-11-24
Entry 2016-11-30
Affects: wget: le 1.17
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
CVE-2016-7098
VuXML ID: 6df56c60-3738-11e6-a671-60a44ce6887b
Description: wget -- HTTP to FTP redirection file name confusion vulnerability

Giuseppe Scrivano reports:

On a server redirect from HTTP to an FTP resource, wget would trust the HTTP server and use the name in the redirected URL as the destination filename.


Discovery 2016-06-09
Entry 2016-06-21
Affects: wget: < 1.18
References:
http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
CVE-2016-4971
VuXML ID: 7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a
Description: wget -- cookie injection vulnerability

Harry Sintonen of F-Secure Corporation reports:

GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file.


Discovery 2018-04-26
Entry 2018-05-08
Affects: wget: < 1.19.5
References:
https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0494
ports/228071
VuXML ID: a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb
Description: wget -- security flaw in caching credentials passed as a part of the URL

Gynvael Coldwind reports:

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute.


Discovery 2018-12-25
Entry 2019-04-12
Affects: wget: ge 1.19 lt 1.20.1
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483
CVE-2018-20483
VuXML ID: d754b7d2-b6a7-11df-826c-e464a695cb21
Description: wget -- multiple HTTP client download filename vulnerability

GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.


Discovery 2010-06-09
Entry 2010-09-03
Affects: wget, wget-devel: le 1.12_1
References:
CVE-2010-2252
https://bugzilla.redhat.com/show_bug.cgi?id=602797
VuXML ID: d77ceb8c-bb13-11e7-8357-3065ec6f3643
Description: wget -- Heap overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja report:

Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.


Discovery 2017-10-20
Entry 2017-10-27
Affects: wget: < 1.19.2
References:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
CVE-2017-13090
VuXML ID: ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e
Description: wget -- path traversal vulnerability in recursive FTP mode

MITRE reports:

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.


Discovery 2014-10-27
Entry 2014-11-08
Affects: wget: < 1.16
References:
CVE-2014-4877
685996