Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-7098 Race Condition vulnerability in GNU Wget
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
network
high complexity
gnu CWE-362
8.1
2016-09-07 CVE-2016-6263 Out-of-bounds Read vulnerability in GNU Libidn
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
network
low complexity
gnu CWE-125
7.5
2016-09-07 CVE-2016-6262 Out-of-bounds Read vulnerability in multiple products
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
network
low complexity
gnu canonical opensuse CWE-125
7.5
2016-09-07 CVE-2016-6261 Out-of-bounds Read vulnerability in multiple products
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
network
low complexity
opensuse gnu canonical CWE-125
7.5
2016-09-07 CVE-2015-8948 Out-of-bounds Read vulnerability in multiple products
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
network
low complexity
opensuse canonical gnu CWE-125
7.5
2016-09-02 CVE-2016-7123 Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
network
low complexity
gnu CWE-352
8.8
2016-09-02 CVE-2016-6893 Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
network
low complexity
gnu CWE-352
8.8
2016-06-30 CVE-2016-4971 GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
network
low complexity
gnu canonical oracle paloaltonetworks
8.8
2016-06-10 CVE-2016-4429 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
network
high complexity
opensuse gnu canonical CWE-787
5.9
2016-06-10 CVE-2016-3706 Improper Input Validation vulnerability in multiple products
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion.
network
low complexity
opensuse gnu CWE-20
7.5