Lucene search
K

284 matches found

Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.4 views

GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

...

6.5CVSS7.3AI score0.0111EPSS
Exploits0
CNVD
CNVD
added 2024/11/21 12:0 a.m.6 views

GNU Wget Code Problem Vulnerability

GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...

6.5CVSS7AI score0.0111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 2:23 p.m.20 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS7AI score0.0111EPSS
Exploits0References3
CVE
CVE
added 2024/11/19 2:23 p.m.140 views

CVE-2024-10524

CVE-2024-10524 affects GNU Wget. The flaw allows SSRF: when using shorthand URLs and passing arbitrary credentials in the URL, an attacker can induce Wget to access an arbitrary host. Public advisories and vendor pages indicate patches are released (e.g., newer Wget builds like 1.21.2-4 and distr...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/19 2:23 p.m.72 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS0.0111EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.21 views

GNU Wget 代码问题漏洞

GNU Wget is a set of free software from the American GNU community for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A code issue vulnerability exists in GNU Wget that stems from an application using Wget to access...

6.5CVSS7.2AI score0.0111EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.18 views

EulerOS 2.0 SP12 : wget (EulerOS-SA-2024-2543)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...

9.1CVSS7.1AI score0.00672EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/09 12:0 a.m.10 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2024-2543)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.4AI score0.00672EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2024/10/03 10:28 p.m.21 views

Advisory ROSA-SA-2024-2503

Software: wget 1.19.5 OS: ROSA Virtualization 2.1 packageevrstring: wget-1.19.5-12.rv3 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the userinfo URI component of the GNU Wget download manager is related to insecure behavior in which data that should hav...

9.1CVSS6.9AI score0.00672EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/09/12 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2024-2430)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.4AI score0.00672EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/09/12 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2024-2407)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.4AI score0.00672EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.26 views

EulerOS 2.0 SP10 : wget (EulerOS-SA-2024-2453)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...

9.1CVSS7.1AI score0.00672EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/05 6:17 p.m.37 views

Moderate: Red Hat Security Advisory: wget security update

An update for wget is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.1CVSS6.7AI score0.00672EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2024/09/03 12:0 a.m.31 views

Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1CVSS7.2AI score0.00672EPSS
Exploits0References4
OSV
OSV
added 2024/08/13 12:0 a.m.33 views

ALSA-2024:5299 Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1CVSS7.7AI score0.00672EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/08/13 12:0 a.m.35 views

Moderate: wget security update

The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input may lead to improper behavior CVE-2024-38428 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

9.1CVSS6.8AI score0.00672EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/08/06 12:0 a.m.21 views

RHEL 8 : wget (RHSA-2024:4998)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4998 advisory. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fixes: wget: Misinterpretation of input ma...

9.1CVSS7.1AI score0.00672EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.22 views

Amazon Linux 2023 : wget (ALAS2023-2024-657)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-657 advisory. url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent i...

9.1CVSS7AI score0.00672EPSS
Exploits0References4
OSV
OSV
added 2024/06/28 11:8 a.m.5 views

OESA-2024-1756 wget security update

GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. Security Fixes: url.c in GNU Wg...

9.1CVSS6.8AI score0.00672EPSS
Exploits0References2
OSV
OSV
added 2024/06/27 5:12 p.m.20 views

MGASA-2024-0240 Updated wget packages fix security vulnerability

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. CVE-2024-38428...

9.1CVSS9AI score0.00672EPSS
Exploits0References3
Rows per page
Query Builder