CVE-2016-7123
https://notcve.org/view.php?id=CVE-2016-7123
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
• http://www.securityfocus.com/bid/92732
• http://www.securitytracker.com/id/1037160
• https://bugs.launchpad.net/bugs/1614841
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-8948
https://notcve.org/view.php?id=CVE-2015-8948
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
• http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
• http://www.debian.org/security/2016/dsa-3658
• http://www.openwall.com/lists/oss-security/2016/07/20/6
• http://www.openwall.com/lists/oss-security/2016/07/21/4
• http://www.securityfocus.com/bid/92070
• http://www.ubuntu.com/usn/USN-3068-1
• https://lists&
• CWE-125: Out-of-bounds Read
CVE-2016-6261
https://notcve.org/view.php?id=CVE-2016-6261
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
• http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
• http://www.debian.org/security/2016/dsa-3658
• http://www.openwall.com/lists/oss-security/2016/07/20/6
• http://www.openwall.com/lists/oss-security/2016/07/21/4
• http://www.securityfocus.com/bid/92070
• http://www.ubuntu.com/usn/USN-3068-1
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cis
• CWE-125: Out-of-bounds Read
CVE-2016-6262
https://notcve.org/view.php?id=CVE-2016-6262
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
• http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
• http://www.openwall.com/lists/oss-security/2016/07/20/6
• http://www.openwall.com/lists/oss-security/2016/07/21/4
• http://www.securityfocus.com/bid/92070
• http://www.ubuntu.com/usn/USN-3068-1
• https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b
• CWE-125: Out-of-bounds Read
CVE-2016-6263
https://notcve.org/view.php?id=CVE-2016-6263
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
• http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
• http://www.debian.org/security/2016/dsa-3658
• http://www.openwall.com/lists/oss-security/2016/07/20/6
• http://www.openwall.com/lists/oss-security/2016/07/21/4
• http://www.securityfocus.com/bid/92070
• http://www.ubuntu.com/usn/USN-3068-1
• https://lists&
• CWE-125: Out-of-bounds Read