Lucene search
+L

89 matches found

CVE
CVE
added 2025/07/15 2:44 p.m.42 views

CVE-2025-53621

CVE-2025-53621 : DSpace prior to 7.6.4, 8.2, and 9.1 is vulnerable to XML External Entity (XXE) injection during archive imports (SAF) or when handling XML from upstream services. The issue arises because external entities are not disabled during XML parsing, enabling a trusted administrator to t...

6.9CVSS6.5AI score0.00368EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/07/15 2:44 p.m.4 views

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS6.5AI score0.00368EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/07/15 2:44 p.m.48 views

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS0.00368EPSS
Exploits0References7
OSV
OSV
added 2025/07/15 2:44 p.m.5 views

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...

6.9CVSS7AI score0.00368EPSS
Exploits0References9
Amazon
Amazon
added 2025/07/10 12:0 a.m.5 views

Important: libarchive

Issue Overview: A vulnerability has been identified in the libarchive library, specifically within the archivereadformatrarseekdata function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory...

7.8CVSS8.1AI score0.00326EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2025/04/08 7:0 a.m.2 views

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.

...

7.5CVSS7.2AI score0.00502EPSS
Exploits1
OSV
OSV
added 2025/03/28 3:15 p.m.3 views

UBUNTU-CVE-2024-48615

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...

7.5CVSS7.1AI score0.00502EPSS
Exploits1References4
OSV
OSV
added 2024/10/31 8:55 a.m.5 views

USN-7087-1 libarchive vulnerability

It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitra...

7.3CVSS7.1AI score0.03154EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/10/18 7:0 a.m.4 views

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

...

7.8CVSS6.7AI score0.00552EPSS
Exploits1
OSV
OSV
added 2024/10/10 2:15 a.m.1 views

ALPINE-CVE-2024-48958

executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

7.8CVSS5.7AI score0.00552EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.6 views

Nix 安全漏洞

Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix versions 2.24.0 through 2.24.5, which stems from a vulnerability that allows an alternate or malicious user to craft a NAR, resulting in the right to access arbitrary...

9CVSS6.5AI score0.00566EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2024/07/31 3:41 a.m.415 views

USN-6929-1: OpenJDK 8 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 8 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

7.4CVSS7.5AI score0.01257EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/31 12:0 a.m.28 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : OpenJDK 8 vulnerabilities (USN-6929-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6929-1 advisory. It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds when handling certain...

7.4CVSS7.7AI score0.01257EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2024/06/06 1:54 a.m.58 views

USN-6811-1: OpenJDK 11 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...

3.7CVSS6.8AI score0.01361EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.4 views

PT-2024-1195

Name of the Vulnerable Software and Affected Versions Atril affected versions not specified Description The issue is related to a Command Injection Vulnerability in Atril, a simple multi-page document viewer. This vulnerability allows an attacker to gain immediate access to the target system when...

9.7CVSS7.1AI score0.02359EPSS
Exploits2References42
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.4 views

SUSE CVE-2012-1457

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal aka Cat QuickHeal 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot...

4.3CVSS6.8AI score0.98293EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.4 views

SUSE CVE-2016-1541

Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...

8.8CVSS8.4AI score0.10284EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-8688

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...

5.5CVSS8.8AI score0.0198EPSS
Exploits0References4
OSV
OSV
added 2022/08/06 5:48 a.m.31 views

GHSA-8RMH-55H4-93H5 DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...

7.2CVSS6.9AI score0.01118EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/06 5:48 a.m.46 views

DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import

Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...

7.2CVSS6.7AI score0.01118EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder