16 matches found
CVE-2026-24112
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...
MiracleLinux 7 : wget-1.14-18.1.0.1.el7.AXS7 (AXSA:2024-8759:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8759:03 advisory. CVE-2024-38428: properly re-implement userinfo parsing rfc2396 CVEs: CVE-2024-38428 url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo...
CLSA-2025-1762783856 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: mishandling of semicolons in userinfo - debian/patches/CVE-2024-38428.patch: properly re-implement userinfo parsing in src/url.c. - CVE-2024-38428...
CLSA-2025-1747851041 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396...
CLSA-2024-1733428726 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396...
CLSA-2024-1725898066 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
wget: Misinterpretation of input may lead to improper behavior
A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials...
CLSA-2024-1723826300 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396 - Fix wget Test-proxied-https-auth.px and Test-proxied-https-auth.px tests failing - Providing wget -O and -q parameters while running in background generates a wget-log file...
CLSA-2024-1723796201 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396...
CLSA-2024-1723795173 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396 - Fix wget Test-proxied-https-auth.px and Test-proxied-https-auth.px tests failing - Providing wget -O and -q parameters while running in background generates a wget-log file...
CLSA-2024-1723794812 wget: Fix of CVE-2024-38428
CVE-2024-38428: properly re-implement userinfo parsing rfc2396 - Fix wget Test-proxied-https-auth.px and Test-proxied-https-auth.px tests failing - Providing wget -O and -q parameters while running in background generates a wget-log file...
CLSA-2024-1723223949 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...
CLSA-2024-1723223824 Fix CVE(s): CVE-2024-38428
SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing rfc2396 to fix outdated RFC implementation - CVE-2024-38428...
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
...
SUSE CVE-2024-38428
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...