VYPR

rpm package

suse/wget&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/wget&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (4)

  • CVE-2017-6508MedMar 7, 2017
    affected < 1.14-20.1fixed 1.14-20.1

    CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.

  • CVE-2016-7098HigSep 26, 2016
    affected < 1.14-17.1fixed 1.14-17.1

    Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

  • CVE-2016-4971HigJun 30, 2016
    affected < 1.14-10.3fixed 1.14-10.3

    GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

  • CVE-2015-2059Aug 12, 2015
    affected < 1.14-10.3fixed 1.14-10.3

    The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.