- Home
- CVEs with nessus.description==set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in
the user.xdg.origin.url metadata attribute of the extended attributes
of the downloaded file, which allows local users to obtain sensitive
information (e.g., credentials contained in the URL) by reading this
attribute, as demonstrated by getfattr. This also applies to Referer
information in the user.xdg.referrer.url metadata attribute. According
to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially
based on the behavior of fwrite_xattr in tool_xattr.c in
curl.(CVE-2018-20483)
A heap-based buffer overflow has been found in the
Curl_smtp_escape_eob() function of curl. An attacker could exploit
this by convincing a user to use curl to upload data over SMTP with a
reduced buffer to cause a crash or corrupt memory.(CVE-2018-0500)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top