Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xar vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-11124
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.
Xar Project Xar 1.6.1
7.5
CVSSv2
CVE-2017-11125
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.
Xar Project Xar 1.6.1
6.8
CVSSv2
CVE-2010-3798
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x prior to 10.6.5 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
Apple Mac Os X 10.6.3
Apple Mac Os X 10.6.1
Apple Mac Os X 10.6.0
Apple Mac Os X 10.6.2
Apple Mac Os X 10.6.4
Apple Mac Os X Server 10.6.3
Apple Mac Os X Server 10.6.4
Apple Mac Os X Server 10.6.1
Apple Mac Os X Server 10.6.2
Apple Mac Os X Server 10.6.0
NA
CVE-2023-27480
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the X...
Xwiki Xwiki
Xwiki Xwiki 1.1
10
CVSSv2
CVE-2010-0055
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows malicious users to have an unspecified impact via a modified package.
Apple Mac Os X 10.5.8
Apple Mac Os X Server 10.5.8
6.8
CVSSv2
CVE-2016-7742
An issue exists in certain Apple products. macOS prior to 10.12.2 is affected. The issue involves the "xar" component, which allows remote malicious users to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.
Apple Mac Os X
4.3
CVSSv2
CVE-2018-1000085
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2017-14166
libarchive 3.3.2 allows remote malicious users to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
Libarchive Libarchive 3.3.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
NA
CVE-2022-41937
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10...
Xwiki Xwiki
Xwiki Xwiki 14.5
NA
CVE-2022-41935
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the respo...
Xwiki Xwiki
Xwiki Xwiki 14.4.4
Xwiki Xwiki 14.4.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »