89 matches found
CVE-2025-53621
CVE-2025-53621 : DSpace prior to 7.6.4, 8.2, and 9.1 is vulnerable to XML External Entity (XXE) injection during archive imports (SAF) or when handling XML from upstream services. The issue arises because external entities are not disabled during XML parsing, enabling a trusted administrator to t...
CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources
DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...
CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources
DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...
CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources
DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...
Important: libarchive
Issue Overview: A vulnerability has been identified in the libarchive library, specifically within the archivereadformatrarseekdata function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory...
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
...
UBUNTU-CVE-2024-48615
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function headerpaxextension at rchivereadsupportformattar.c:1844:8...
USN-7087-1 libarchive vulnerability
It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitra...
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
...
ALPINE-CVE-2024-48958
executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
Nix 安全漏洞
Nix is a powerful package manager from the Nix open source. It is used for making packages. A security vulnerability exists in Nix versions 2.24.0 through 2.24.5, which stems from a vulnerability that allows an alternate or malicious user to craft a NAR, resulting in the right to access arbitrary...
USN-6929-1: OpenJDK 8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 8 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : OpenJDK 8 vulnerabilities (USN-6929-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6929-1 advisory. It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds when handling certain...
USN-6811-1: OpenJDK 11 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...
PT-2024-1195
Name of the Vulnerable Software and Affected Versions Atril affected versions not specified Description The issue is related to a Command Injection Vulnerability in Atril, a simple multi-page document viewer. This vulnerability allows an attacker to gain immediate access to the target system when...
SUSE CVE-2012-1457
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal aka Cat QuickHeal 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot...
SUSE CVE-2016-1541
Heap-based buffer overflow in the zipreadmacmetadata function in archivereadsupportformatzip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive...
SUSE CVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
GHSA-8RMH-55H4-93H5 DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...