17040 matches found
DEBIAN-CVE-2026-58471
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58472
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...
CVE-2026-58471
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58472
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...
CVE-2026-58472 GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...
CVE-2026-58472
GNU Wget 1.25.0 contains a heap buffer overflow in html_quote_string() (src/convert.c) triggered by a crafted HTML attribute that requires extensive entity encoding. A server-supplied HTML attribute overflows a signed integer counter during output size accumulation, causing an undersized heap all...
EUVD-2026-42083
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58471
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...
CVE-2026-58471
CVE-2026-58471 affects GNU Wget up to version 1.25.0. The vulnerability is a heap buffer overflow in the convert_fname() function in src/url.c, triggered by server-supplied filenames requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reall...
CVE-2026-58470
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...
CVE-2026-58470
GNU Wget 1.25.0 and earlier is affected by an integer overflow in parse_content_range() (src/http.c) triggered by server-controlled Content-Range headers, leading to undefined behavior and download desynchronization. The issue is fixed in commit 43d3ba9, and users should upgrade to a version that...
CVE-2026-58470
GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...
CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
CVE-2026-58469
GNU Wget prior to 1.25.0 is affected by a heap buffer underread in clean_metalink_string() inside src/metalink.c when parsing a Metalink URL that is whitespace-only. The issue can lead to memory corruption and abnormal program behavior; the CVE notes multiple CVSS measurements with high impact (a...
CVE-2026-58469
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...
EUVD-2026-25018
id: groups= computed from real GID instead of effective GID...
OESA-2026-2860 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...