
13 matches found

CVE
added 2026/02/25 11:39 p.m. · 3 views

CVE-2026-27709

NanaZip (open source) version range prior to 6.0.1638.0 and 6.5.1638.0 is affected by an out-of-bounds read in the .NET Single File Application parser during manifest parsing. A crafted bundle can cause a malformed RelativePathLength, leading to the parser constructing a std::string from memory b...

6.6 CVSS · 5.5 AI score · 0.00018 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2026/02/25 11:39 p.m. · 3 views

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

5.1 CVSS · 5.6 AI score · 0.00018 EPSS
Exploits 1 · References 3
Cvelist
added 2026/02/25 11:39 p.m. · 15 views

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

5.1 CVSS · 0.00018 EPSS
Exploits 1 · References 1
Vulnrichment
added 2026/02/25 11:39 p.m. · 2 views

CVE-2026-27709 NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s .NET Single File Application parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed RelativePathLength so the...

5.1 CVSS · 5.5 AI score · 0.00018 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-4949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the...

6.8 CVSS · 6.9 AI score · 0.00197 EPSS
Exploits 1 · References 3
SUSE Linux
added 2025/08/12 12:45 p.m. · 2 views

Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

4.8 CVSS · 7 AI score · 0.00197 EPSS
Exploits 1 · References 4
OSV
added 2025/08/12 12:45 p.m. · 0 views

SUSE-SU-2025:02762-1 Security update for eclipse-jgit

This update for eclipse-jgit fixes the following issues: - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class bsc1243647...

6.8 CVSS · 7.1 AI score · 0.00197 EPSS
Exploits 1 · References 3
SUSE CVE
added 2025/05/26 11:49 a.m. · 3 views

SUSE CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

4.8 CVSS · 7.1 AI score · 0.00197 EPSS
Exploits 1 · References 4
Snyk
added 2025/05/21 9:31 p.m. · 4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...

6.8 CVSS · 7.5 AI score · 0.00197 EPSS
Exploits 1 · References 2
OSV
added 2025/05/21 7:16 a.m. · 1 views

DEBIAN-CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

5.3 CVSS · 6.5 AI score · 0.00197 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/05/05 12:0 a.m. · 1 views

PT-2024-40760 · Git +1 · Ninja

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Lexer::Error function, which is called by...

6.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/05/05 12:0 a.m. · 1 views

PT-2024-40757 · Git +1 · Ninja

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the Lexer::ReadToken function, which is called by...

6.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/05/05 12:0 a.m. · 1 views

PT-2024-40764 · Git +1 · Ninja

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the following functions: Lexer::ReadToken,...

6.9 AI score
Exploits 0 · References 2