Skip to main content
CVE-2016-6662 CRITICAL POC PATCH THREAT Act Now

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.6%.

RCE Privilege Escalation Oracle MySQL Percona Server +10
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.6%
Threat
6.1
CVE-2015-8931 HIGH POC This Week

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libarchive Linux Enterprise Desktop Linux Enterprise Server +3
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-6802 HIGH PATCH Act Now

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5%.

Apache Authentication Bypass Shiro
NVD
CVSS 3.0
7.5
EPSS
13.5%
CVE-2015-8934 MEDIUM POC This Month

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Linux Enterprise Desktop Linux Enterprise Server +3
NVD GitHub
CVSS 3.0
5.5
EPSS
1.4%
CVE-2015-8932 MEDIUM POC This Month

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Linux Enterprise Desktop Linux Enterprise Server +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2015-8925 MEDIUM POC This Month

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Libarchive +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2015-8915 MEDIUM POC This Month

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libarchive
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2015-8926 MEDIUM POC This Month

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Ubuntu Linux Linux Enterprise Desktop Linux Enterprise Server +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2015-8933 MEDIUM POC This Month

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libarchive Linux Enterprise Desktop Linux Enterprise Server +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8928 MEDIUM POC This Month

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Libarchive +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8929 MEDIUM POC This Month

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2015-8927 MEDIUM POC This Month

The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libarchive
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-8919 HIGH PATCH This Week

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Ubuntu Linux Libarchive Suse Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
7.5
EPSS
7.6%
CVE-2015-8917 HIGH This Week

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Debian Linux Libarchive Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
6.6%
CVE-2015-8930 HIGH PATCH This Week

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Libarchive +1
NVD GitHub
CVSS 3.0
7.5
EPSS
5.6%
CVE-2015-8921 HIGH This Week

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
7.5
EPSS
5.0%
CVE-2015-8918 HIGH PATCH This Week

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2015-8923 MEDIUM This Month

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libarchive Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.6%
CVE-2015-8916 MEDIUM This Month

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ubuntu Linux Debian Linux Libarchive
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2015-8920 MEDIUM This Month

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2015-8922 MEDIUM This Month

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libarchive Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2015-8924 MEDIUM This Month

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libarchive Suse Linux Enterprise Software Development Kit +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy