Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-7162 Improper Input Validation vulnerability in multiple products
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
network
low complexity
canonical file-roller-project CWE-20
7.5
2016-09-20 CVE-2015-8931 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
local
low complexity
libarchive suse canonical debian CWE-190
7.8
2016-09-20 CVE-2015-8930 Improper Input Validation vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
network
low complexity
suse libarchive canonical CWE-20
7.5
2016-09-20 CVE-2015-8921 Out-of-bounds Read vulnerability in multiple products
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
network
low complexity
novell libarchive canonical CWE-125
7.5
2016-09-20 CVE-2015-8919 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
network
low complexity
canonical libarchive novell CWE-119
7.5
2016-09-20 CVE-2015-8917 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
network
low complexity
debian libarchive canonical CWE-476
7.5
2016-09-07 CVE-2016-6262 Out-of-bounds Read vulnerability in multiple products
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
network
low complexity
gnu canonical opensuse CWE-125
7.5
2016-09-07 CVE-2016-6261 Out-of-bounds Read vulnerability in multiple products
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
network
low complexity
opensuse gnu canonical CWE-125
7.5
2016-09-07 CVE-2015-8948 Out-of-bounds Read vulnerability in multiple products
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
network
low complexity
opensuse canonical gnu CWE-125
7.5
2016-09-07 CVE-2016-6855 Out-of-bounds Write vulnerability in multiple products
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
network
low complexity
fedoraproject opensuse canonical gnome CWE-787
7.5