FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e  wget -- path traversal vulnerability in recursive FTP mode

MITRE reports:

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.


Discovery 2014-10-27
Entry 2014-11-08
wget
< 1.16

CVE-2014-4877
685996
d77ceb8c-bb13-11e7-8357-3065ec6f3643  wget -- Heap overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja:

Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.


Discovery 2017-10-20
Entry 2017-10-27
wget
< 1.19.2

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
CVE-2017-13090
6df56c60-3738-11e6-a671-60a44ce6887b  wget -- HTTP to FTP redirection file name confusion vulnerability

Giuseppe Scrivano reports:

On a server redirect from HTTP to an FTP resource, wget would trust the HTTP server and use the name in the redirected URL as the destination filename.


Discovery 2016-06-09
Entry 2016-06-21
wget
< 1.18

http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
CVE-2016-4971
7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a  wget -- cookie injection vulnerability

Harry Sintonen of F-Secure Corporation reports:

GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to the cookie jar file.


Discovery 2018-04-26
Entry 2018-05-08
wget
< 1.19.5

https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0494
ports/228071
479c5b91-b6cc-11e6-a04e-3417eb99b9a0  wget -- Access List Bypass / Race Condition

Dawid Golunski reports:

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter.


Discovery 2016-11-24
Entry 2016-11-30
wget
<= 1.17

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
CVE-2016-7098
09849e71-bb12-11e7-8357-3065ec6f3643  wget -- Stack overflow in HTTP protocol handling

Antti Levomäki, Christian Jalio, Joonas Pihlaja:

Wget contains two vulnerabilities, a stack overflow and a heap overflow, in the handling of HTTP chunked encoding. By convincing a user to download a specific link over HTTP, an attacker may be able to execute arbitrary code with the privileges of the user.


Discovery 2017-10-20
Entry 2017-10-27
wget
< 1.19.2

http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13089