OSVersionArchitecturePackageVersionFilename
Mageia8noarchxstream< 1.4.18-1xstream-1.4.18-1.mga8
Mageia8noarchxmlpull< 1.2.0-1xmlpull-1.2.0-1.mga8
Mageia8noarchmxparser< 1.2.2-1mxparser-1.2.2-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	xstream	< 1.4.18-1	xstream-1.4.18-1.mga8
Mageia	8	noarch	xmlpull	< 1.2.0-1	xmlpull-1.2.0-1.mga8
Mageia	8	noarch	mxparser	< 1.2.2-1	mxparser-1.2.2-1.mga8

References

bugs.mageia.org/show_bug.cgi?id=29512

lists.fedoraproject.org/archives/list/[email protected]/thread/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/

www.debian.org/lts/security/2021/dla-2769

nessus 11

debian 4

suse 2

openvas 10

redhat 6

amazon 1

ibm 11

osv 29

ubuntu 1

oraclelinux 1

githubexploit 2

fedora 3

atlassian 2

cve 13

cnvd 14

veracode 14

ubuntucve 13

debiancve 11

github 13

prion 14

nuclei 4

redhatcve 13

cisa_kev 1

zdt 1

hivepro 1

rapid7blog 1

attackerkb 1

packetstorm 1

srcincite 1

nessus

RHEL 7 : xstream (RHSA-2021:3956)

2021-10-26 00:00:00

Amazon Linux 2 : xstream (ALAS-2021-1729)

2021-12-10 00:00:00

openSUSE 15 Security Update : xstream (openSUSE-SU-2021:3476-1)

2021-10-21 00:00:00

debian

[SECURITY] [DLA 2769-1] libxstream-java security update

2021-09-29 23:28:17

[SECURITY] [DSA 5004-1] libxstream-java security update

2021-11-10 20:29:25

[SECURITY] [DSA 5004-1] libxstream-java security update

2021-11-10 20:29:25

suse

Security update for xstream (important)

2021-10-31 00:00:00

Security update for xstream (important)

2021-10-20 00:00:00

openvas

Mageia: Security Advisory (MGASA-2021-0474)

2022-01-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3476-1)

2021-10-21 00:00:00

Debian: Security Advisory (DSA-5004-1)

2021-11-14 00:00:00

redhat

(RHSA-2021:3956) Important: xstream security update

2021-10-25 06:30:03

(RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update

2022-01-26 16:28:59

(RHSA-2022:0296) Critical: Red Hat Process Automation Manager 7.12.0 security update

2022-01-26 15:49:06

amazon

Important: xstream

2021-12-08 16:28:00

ibm

Security Bulletin: Vulnerabilities in XStream affect IBM Spectrum Protect Plus

2021-12-10 20:38:36

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

2021-10-01 06:19:43

Security Bulletin: Due to use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to arbitrary code execution attack

2023-01-24 14:30:09

osv

libxstream-java - security update

2021-11-10 00:00:00

libxstream-java vulnerabilities

2023-03-13 10:57:59

libxstream-java - security update

2021-09-29 00:00:00

ubuntu

XStream vulnerabilities

2023-03-13 00:00:00

oraclelinux

xstream security update

2021-10-25 00:00:00

githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Xstream Project Xstream

2021-08-24 06:15:20

Exploit for Deserialization of Untrusted Data in Xstream Project Xstream

2022-10-31 10:27:35

fedora

[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33

2021-10-12 23:47:14

[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34

2021-10-12 23:45:05

[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35

2021-10-29 23:18:39

atlassian

XStream upgrade to 1.4.18

2021-09-10 04:35:37

XStream upgrade to 1.4.18

2021-09-10 04:35:37

cve

CVE-2021-39152

2021-08-23 19:15:00

CVE-2021-39148

2021-08-23 18:15:00

CVE-2021-39139

2021-08-23 18:15:00

cnvd

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)

2021-08-23 00:00:00

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)

2021-08-23 00:00:00

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67825)

2021-08-23 00:00:00

veracode

Remote Code Execution (RCE)

2021-08-24 08:17:04

Remote Code Execution (RCE)

2021-08-24 06:27:20

Remote Code Execution (RCE)

2021-08-24 02:36:00

ubuntucve

CVE-2021-39145

2021-08-23 00:00:00

CVE-2021-39148

2021-08-23 00:00:00

CVE-2021-39149

2021-08-23 00:00:00

debiancve

CVE-2021-39147

2021-08-23 18:15:00

CVE-2021-39154

2021-08-23 18:15:00

CVE-2021-39145

2021-08-23 18:15:00

github

XStream is vulnerable to an Arbitrary Code Execution attack

2021-08-25 14:46:49

XStream is vulnerable to an Arbitrary Code Execution attack

2021-08-25 14:47:28

XStream is vulnerable to an Arbitrary Code Execution attack

2021-08-25 14:48:31

prion

Code injection

2021-08-23 18:15:00

Design/Logic Flaw

2021-08-23 18:15:00

Code injection

2021-08-23 18:15:00

nuclei

XStream 1.4.18 - Arbitrary Code Execution

2023-03-12 03:38:05

XStream 1.4.18 - Remote Code Execution

2023-03-12 03:38:05

XStream <1.4.18 - Server-Side Request Forgery

2023-03-12 03:38:05

redhatcve

CVE-2021-39140

2021-08-25 18:58:45

CVE-2021-39145

2021-08-25 19:29:21

CVE-2021-39149

2021-08-25 19:33:27

cisa_kev

XStream Remote Code Execution Vulnerability

2023-03-10 00:00:00

zdt

VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit

2022-11-16 00:00:00

hivepro

VMware Cloud Foundation has a significant RCE flaw

2022-10-28 07:27:55

rapid7blog

CVE-2021-39144: VMware Cloud Foundation Unauthenticated Remote Code Execution

2022-10-27 15:22:09

attackerkb

CVE-2021-39144

2021-08-23 00:00:00

packetstorm

VMware NSX Manager XStream Unauthenticated Remote Code Execution

2022-11-15 00:00:00

srcincite

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

2022-08-03 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

Related for MGASA-2021-0474