CVE-2024-38428

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-436
View all →

Vulnerability Description

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Related Vulnerabilities

CVE-2019-18792

CRITICAL
CVSS:9.1(Critical)

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the P...

CWE-4362019

CVE-2018-19966

HIGH
CVSS:8.8(High)

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for ...

CWE-4362018

CVE-2018-6560

HIGH
CVSS:8.8(High)

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in th...

CWE-4362018

CVE-2021-28474

HIGH
CVSS:8.8(High)

Microsoft SharePoint Server Remote Code Execution Vulnerability

CWE-4362021

CVE-2022-36051

HIGH
CVSS:8.8(High)

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` ...

CWE-4362022

CVE-2019-19589

CRITICAL
CVSS:9.8(Critical)

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF ...

CWE-4362019