xar vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-11124
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
Xar Project Xar 1.6.1
9.8
CVSSv3
CVE-2017-11125
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
Xar Project Xar 1.6.1
NA
CVE-2010-3798
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x prior to 10.6.5 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
Apple Mac Os X 10.6.3
Apple Mac Os X 10.6.1
Apple Mac Os X 10.6.0
Apple Mac Os X 10.6.2
Apple Mac Os X 10.6.4
Apple Mac Os X Server 10.6.3
Apple Mac Os X Server 10.6.4
Apple Mac Os X Server 10.6.1
Apple Mac Os X Server 10.6.2
Apple Mac Os X Server 10.6.0
7.7
CVSSv3
CVE-2023-27480
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the X...
Xwiki Xwiki
Xwiki Xwiki 1.1
NA
CVE-2010-0055
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows malicious users to have an unspecified impact via a modified package.
Apple Mac Os X 10.5.8
Apple Mac Os X Server 10.5.8
7.8
CVSSv3
CVE-2016-7742
An issue exists in certain Apple products. macOS prior to 10.12.2 is affected. The issue involves the "xar" component, which allows remote malicious users to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
Apple Mac Os X
5.5
CVSSv3
CVE-2018-1000085
ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory and may help in developing exploit chains. This attack appears to be exploitable via: the victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
6.5
CVSSv3
CVE-2017-14166
libarchive 3.3.2 allows remote malicious users to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
Libarchive Libarchive 3.3.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
8.1
CVSSv3
CVE-2022-41937
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10...
Xwiki Xwiki
Xwiki Xwiki 14.5
4.3
CVSSv3
CVE-2022-41935
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the respo...
Xwiki Xwiki
Xwiki Xwiki 14.4.4
Xwiki Xwiki 14.4.5