Skip to main content
CVE-2015-8931 HIGH POC This Week

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libarchive Linux Enterprise Desktop Linux Enterprise Server +3
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-6802 HIGH PATCH Act Now

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5%.

Apache Authentication Bypass Shiro
NVD
CVSS 3.0
7.5
EPSS
13.5%
CVE-2015-8919 HIGH PATCH This Week

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Ubuntu Linux Libarchive Suse Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
7.5
EPSS
7.6%
CVE-2015-8917 HIGH This Week

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Debian Linux Libarchive Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
6.6%
CVE-2015-8930 HIGH PATCH This Week

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Libarchive +1
NVD GitHub
CVSS 3.0
7.5
EPSS
5.6%
CVE-2015-8921 HIGH This Week

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
7.5
EPSS
5.0%
CVE-2015-8918 HIGH PATCH This Week

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +1
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy