Lucene search
+L

34 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : xstream-1.3.1-12.el7 (AXSA:2021-1252:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1252:01 advisory. XStream: remote code execution due to insecure XML deserialization when relying on blocklists CVE-2020-26217 Tenable has extracted the preceding description...

9.3CVSS8.4AI score0.85001EPSS
Exploits7References2
GithubExploit
GithubExploit
added 2025/12/01 12:54 a.m.260 views

Exploit for OS Command Injection in Xstream

CVE-2020-26217 XStream RCE Exploit XStream remote code execut...

9.3CVSS7.4AI score0.85001EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/13 2:58 p.m.47 views

Security Bulletin: Security Vulnerability in Xstream Affects IBM Sterling B2B Integrator (CVE-2020-26217)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by flaws in the XStream.java and SecurityVulnerabilityTest.java scripts. By...

9.3CVSS1.7AI score0.85001EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.34 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Vulnerability (NS-SA-2021-0095)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

9.3CVSS7.7AI score0.85001EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.36 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Vulnerability (NS-SA-2021-0179)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

9.3CVSS7.7AI score0.85001EPSS
Exploits7References3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2021:0176-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.2AI score0.85001EPSS
Exploits11References2
OpenVAS
OpenVAS
added 2021/05/12 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS8.5AI score0.85001EPSS
Exploits21References2
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.30 views

openSUSE: Security Advisory for xstream (openSUSE-SU-2021:0140-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS7.8AI score0.85001EPSS
Exploits11References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/24 7:43 a.m.45 views

Security Bulletin: A security vulnerability has been identified in Xstream, which is a required product for IBM Tivoli Network Configuration Manager (CVE-2020-26217)

Summary A security vulnerability has been disclosed in the Xstream library , which is installed as part of IBM Tivoli Network Configuration Manager version 6.4.2. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-26217 DESCRIPTIO...

9.3CVSS1.3AI score0.85001EPSS
Exploits7Affected Software1
Atlassian
Atlassian
added 2021/02/03 10:43 p.m.72 views

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were: CVE-2012-0881 CVE-2019-10172 CVE-2018-1000632 CVE-2016-1000031 CVE-2014-0114...

9.8CVSS9AI score0.96121EPSS
Exploits12
RedHat Linux
RedHat Linux
added 2021/02/02 2:23 p.m.131 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R18 security and bug fix update

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.3CVSS7.4AI score0.85001EPSS
Exploits10References6
OpenVAS
OpenVAS
added 2021/01/29 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-4714-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.8AI score0.85001EPSS
Exploits11References2
OpenVAS
OpenVAS
added 2021/01/27 12:0 a.m.24 views

CentOS: Security Advisory for xstream (CESA-2021:0162)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.7AI score0.85001EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2021/01/26 12:0 a.m.113 views

CentOS 7 : xstream (RHSA-2021:0162)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0162 advisory. - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

9.3CVSS7.7AI score0.85001EPSS
Exploits7References2
Amazon
Amazon
added 2021/01/26 12:0 a.m.41 views

Important: xstream

Issue Overview: A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the...

9.3CVSS7.8AI score0.85001EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2021/01/26 12:0 a.m.41 views

Amazon Linux 2 : xstream (ALAS-2021-1593)

The version of xstream installed on the remote host is prior to 1.3.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1593 advisory. A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list,...

9.3CVSS7.5AI score0.85001EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2021/01/26 12:0 a.m.32 views

Scientific Linux Security Update : xstream on SL7.x (noarch) (2021:0162)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:0162-1 advisory. - XStream: remote code execution due to insecure XML deserialization when relying on blocklists CVE-2020-26217 Note that Nessus has not tested for this...

9.3CVSS8AI score0.85001EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.41 views

openSUSE Security Update : xstream (openSUSE-2021-140)

This update for xstream fixes the following issues : xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists bsc1180994. - CVE-2020-26258: Fixed a server-side request forgery vulnerability bsc1180146. -...

9.3CVSS8.2AI score0.85001EPSS
Exploits11References6
Gitee
Gitee
added 2021/01/24 10:46 a.m.5 views

Exploit for OS Command Injection in Apache Struts

CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html XStream 1.4.14 pom.xml com.thoughtworks.xstream xstream 1.4.14 poc...

9.3CVSS7.3AI score0.85001EPSS
Exploits11
Gitee
Gitee
added 2021/01/24 10:42 a.m.4 views

Exploit for OS Command Injection in Xstream

CVE-2020-26217 is a remote code execution RCE vulnerability in the XStream library, which is a popular XML serialization library for Java. The vulnerability is present in versions of XStream prior to 1.4.13. The vulnerability is caused by a deserialization issue in the XStream library, which allo...

9.3CVSS8.2AI score0.85001EPSS
Exploits7
Rows per page
Query Builder