26 matches found
EUVD-2017-5676
Malware in sbrugna...
SUSE CVE-2017-11124
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xarunserialize function in archive.c...
CVE-2022-41935
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not proper...
Design/Logic Flaw
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-41935 Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not proper...
CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Impact Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The issue can ...
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
Impact Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...
libarchive: Heap-based buffer over-read in the atol8 function
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
EulerOS Virtualization for ARM 64 3.0.3.0 : libarchive (EulerOS-SA-2019-2322)
According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and...
EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1849)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted...
USN-3592-1 clamav vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-0202 Hanno Böck discovered that ClamAV incorrectly handled parsing certain X...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
libarchive xml_data Denial of Service Vulnerability
libarchive is a multi-format archive and compression library. A security vulnerability exists in xmldata in libarchive version 3.3.2. A remote attacker can exploit this vulnerability to cause a denial of service heap-based buffer out-of-bounds read and application crash with a specially crafted x...
Heap overflow
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
ALPINE-CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...
CVE-2017-14166
libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...