High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-20	CVE-2015-8931	Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. local low complexity libarchive suse canonical debian CWE-190	7.8
2016-09-20	CVE-2015-8930	Improper Input Validation vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. network low complexity suse libarchive canonical CWE-20	7.5
2016-09-20	CVE-2015-8921	Out-of-bounds Read vulnerability in multiple products The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. network low complexity novell libarchive canonical CWE-125	7.5
2016-09-20	CVE-2015-8919	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. network low complexity canonical libarchive novell CWE-119	7.5
2016-09-20	CVE-2015-8917	NULL Pointer Dereference vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. network low complexity debian libarchive canonical CWE-476	7.5
2016-09-07	CVE-2016-6262	Out-of-bounds Read vulnerability in multiple products idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. network low complexity gnu canonical opensuse CWE-125	7.5
2016-09-07	CVE-2016-6261	Out-of-bounds Read vulnerability in multiple products The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. network low complexity opensuse gnu canonical CWE-125	7.5
2016-09-07	CVE-2015-8948	Out-of-bounds Read vulnerability in multiple products idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. network low complexity opensuse canonical gnu CWE-125	7.5
2016-09-07	CVE-2016-6855	Out-of-bounds Write vulnerability in multiple products Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. network low complexity fedoraproject opensuse canonical gnome CWE-787	7.5
2016-08-13	CVE-2016-5384	Double Free vulnerability in multiple products fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. local low complexity fedoraproject fontconfig-project debian canonical CWE-415	7.8