Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:15.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8932 |
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. Published: September 20, 2016; 10:15:18 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8931 |
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. Published: September 20, 2016; 10:15:18 AM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-8930 |
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Published: September 20, 2016; 10:15:17 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8928 |
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Published: September 20, 2016; 10:15:15 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8926 |
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. Published: September 20, 2016; 10:15:13 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8925 |
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. Published: September 20, 2016; 10:15:11 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8924 |
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. Published: September 20, 2016; 10:15:10 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8923 |
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. Published: September 20, 2016; 10:15:09 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8922 |
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. Published: September 20, 2016; 10:15:08 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8921 |
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Published: September 20, 2016; 10:15:07 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8920 |
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. Published: September 20, 2016; 10:15:06 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-8919 |
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. Published: September 20, 2016; 10:15:05 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8917 |
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. Published: September 20, 2016; 10:15:03 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8916 |
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. Published: September 20, 2016; 10:15:01 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6128 |
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. Published: August 07, 2016; 6:59:22 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6232 |
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. Published: August 02, 2016; 12:59:07 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6224 |
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. Published: July 22, 2016; 10:59:01 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2015-8946 |
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. Published: July 22, 2016; 10:59:00 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-5440 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Published: July 21, 2016; 6:14:53 AM -0400 |
V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-5439 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. Published: July 21, 2016; 6:14:52 AM -0400 |
V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |