CVE-2015-8920 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

Source: CVE-2015-8920 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8919 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

Source: CVE-2015-8919 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, ubuntu_linux)

CVE-2015-8918 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit)

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

Source: CVE-2015-8918 (libarchive, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit)

CVE-2015-8917 (debian_linux, libarchive, ubuntu_linux)

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

Source: CVE-2015-8917 (debian_linux, libarchive, ubuntu_linux)

CVE-2015-8916 (debian_linux, libarchive, ubuntu_linux)

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

Source: CVE-2015-8916 (debian_linux, libarchive, ubuntu_linux)

CVE-2015-8915 (libarchive)

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.

Source: CVE-2015-8915 (libarchive)

CVE-2016-6537 (eh6108h+_firmware)

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.

Source: CVE-2016-6537 (eh6108h+_firmware)

CVE-2016-6537

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.

Source: CVE-2016-6537

CVE-2016-6536 (eh6108h+_firmware)

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.

Source: CVE-2016-6536 (eh6108h+_firmware)

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.

Source: CVE-2016-6536