VYPR
Vendor

Wget

Products: 1
CVEs: 7
Across products: 7
Status: Private

Products (1)

Recent CVEs (7)
  • CVE-2017-13090 · High · Oct 27, 2017
    risk 0.60 · cvss 8.8 · epss 0.37

    The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries…

  • CVE-2004-1488 · Apr 27, 2005
    risk 0.04 · cvss n/a · epss 0.12

    wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

  • CVE-2004-2014 · Dec 31, 2004
    risk 0.03 · cvss n/a · epss 0.01

    Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

  • CVE-2005-3185 · Oct 13, 2005
    risk 0.00 · cvss n/a · epss 0.05

    Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

  • CVE-2004-1487 · Apr 27, 2005
    risk 0.00 · cvss n/a · epss 0.02

    wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

  • CVE-2002-1565 · Jun 16, 2003
    risk 0.00 · cvss n/a · epss 0.03

    Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.

  • CVE-1999-0402 · Jan 2, 1999
    risk 0.00 · cvss n/a · epss 0.01

    wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.