Vulnerabilities > GNU
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-26 | CVE-2016-7098 | Race Condition vulnerability in GNU Wget Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. | 8.1 |
2016-09-07 | CVE-2016-6263 | Out-of-bounds Read vulnerability in GNU Libidn The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. | 7.5 |
2016-09-07 | CVE-2016-6262 | Out-of-bounds Read vulnerability in multiple products idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | 7.5 |
2016-09-07 | CVE-2016-6261 | Out-of-bounds Read vulnerability in multiple products The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | 7.5 |
2016-09-07 | CVE-2015-8948 | Out-of-bounds Read vulnerability in multiple products idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | 7.5 |
2016-09-02 | CVE-2016-7123 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | 8.8 |
2016-09-02 | CVE-2016-6893 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | 8.8 |
2016-06-30 | CVE-2016-4971 | GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. | 8.8 |
2016-06-10 | CVE-2016-4429 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | 5.9 |
2016-06-10 | CVE-2016-3706 | Improper Input Validation vulnerability in multiple products Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. | 7.5 |