196 matches found
Astra Linux - уязвимость в curl
When the curl command is used to retrieve content using the Metalink feature, and a user name and password are used to download the Metalink XML file, those same credentials are then passed to each server from which the curl command will attempt to download or retrieve the content. This often...
MiracleLinux 8 : curl-7.61.1-18.el8.1 (AXSA:2021-2446:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2446:04 advisory. curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 curl: Metalink download sends credentials CVE-2021-22923 curl: Bad...
OPENSUSE-SU-2026:20038-1 Security update for wget2
This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...
MiracleLinux 4 : kdenetwork-4.3.4-11.AXS4.1 (AXSA:2011-169:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-169:01 advisory. Networking applications, including: kget: downloader manager kopete: chat client kppp: dialer and front end for pppd krdc: a client for Desktop Sharing and...
Security update for wget2 (important)
openSUSE Security Update: Security update for wget2 Announcement ID: openSUSE-SU-2026:0010-1 Rating: important References: 1255728 1255729 Cross-References: CVE-2025-69194 CVE-2025-69195 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes two vulnerabilities is now available...
Mageia: Security Advisory (MGASA-2026-0002)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Wget2: arbitrary file write via metalink path traversal in gnu wget2
...
Updated wget2 packages fix security vulnerability
Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...
MGASA-2026-0002 Updated wget2 packages fix security vulnerability
Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...
CVE-2025-69194
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
AZL-73901 CVE-2025-69194 affecting package wget for versions less than 2.1.0-7
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-2025-69194
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
UBUNTU-CVE-2025-69194
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-2025-69194
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-2025-69194 Wget2: arbitrary file write via metalink path traversal in gnu wget2
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-2025-69194
Summary: CVE-2025-69194 is a path-traversal vulnerability in GNU Wget2’s Metalink handling that can cause arbitrary file writes via unnormalized paths. The issue arises from trusting the Metalink name attribute during path resolution, allowing writes to unintended locations and potential further...
CVE-2025-69194 Wget2: arbitrary file write via metalink path traversal in gnu wget2
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
CVE-2025-69194
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...
Exploit for CVE-2025-69194
CVE-2025-69194: GNU Wget2 Path Traversal Vulnerability 📝 D...
Slackware: Security Advisory (SSA:2025-364-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...