Lucene search
K

18 matches found

OpenVAS
OpenVAS
added 2021/10/21 12:0 a.m.37 views

Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS8AI score0.98124EPSS
Exploits34References4
OpenVAS
OpenVAS
added 2021/10/21 12:0 a.m.28 views

Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS8AI score0.98124EPSS
Exploits34References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:15 p.m.102 views

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

9.9CVSS7.2AI score0.82392EPSS
Exploits17References16
RedHat Linux
RedHat Linux
added 2021/06/17 1:14 p.m.125 views

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.11.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

9.9CVSS7.2AI score0.82392EPSS
Exploits17References16
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2021:0176-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.2AI score0.85001EPSS
Exploits11References2
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.96 views

Critical: Red Hat Security Advisory: Red Hat Data Grid 8.2.0 security update

A security update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

9.9CVSS6.9AI score0.82392EPSS
Exploits18References21
OpenVAS
OpenVAS
added 2021/05/12 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS8.5AI score0.85001EPSS
Exploits21References2
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.30 views

openSUSE: Security Advisory for xstream (openSUSE-SU-2021:0140-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS7.8AI score0.85001EPSS
Exploits11References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/24 7:43 a.m.43 views

Security Bulletin: A security vulnerability has been identified in Xstream, which is a required product for IBM Tivoli Network Configuration Manager (CVE-2020-26258, CVE-2020-26259)

Summary A security vulnerability has been disclosed in the Xstream library , which is installed as part of IBM Tivoli Network Configuration Manager version 6.4.2. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTIO...

7.7CVSS0.9AI score0.82392EPSS
Exploits7Affected Software1
OpenVAS
OpenVAS
added 2021/01/29 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-4714-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.8AI score0.85001EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.41 views

openSUSE Security Update : xstream (openSUSE-2021-140)

This update for xstream fixes the following issues : xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists bsc1180994. - CVE-2020-26258: Fixed a server-side request forgery vulnerability bsc1180146. -...

9.3CVSS8.2AI score0.85001EPSS
Exploits11References6
Gitee
Gitee
added 2021/01/24 10:46 a.m.5 views

Exploit for OS Command Injection in Apache Struts

CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html XStream 1.4.14 pom.xml com.thoughtworks.xstream xstream 1.4.14 poc...

9.3CVSS7.3AI score0.85001EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2021/01/11 12:0 a.m.47 views

Debian DSA-4828-1 : libxstream-java - security update

Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling. C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

7.7CVSS7.1AI score0.82392EPSS
Exploits7References5
Debian
Debian
added 2021/01/07 10:52 p.m.45 views

[SECURITY] [DSA 4828-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4828-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 07, 2021 https://www.debian.org/security/faq -...

7.7CVSS8.5AI score0.82392EPSS
Exploits7
Debian
Debian
added 2020/12/31 3:8 p.m.62 views

[SECURITY] [DLA 2507-1] libxstream-java security update

Debian LTS Advisory DLA-2507-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 31, 2020 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u1 CVE ID : CVE-2020-26258 CVE-2020-26259 Debian Bug : 977625 977624 Several security...

7.7CVSS6.9AI score0.82392EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2020/12/17 8:48 p.m.55 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

9.8CVSS0.5AI score0.84362EPSS
Exploits10References3
Circl
Circl
added 2020/12/16 3:25 p.m.4 views

CVE-2020-26258

creationtimestamp| type| source ---|---|--- 2020-12-16 15:25:24+00:00| seen| https://t.me/cibsecurity/20905 2021-03-16 11:01:03+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2917 2025-01-15 20:55:06+00:00| published-proof-of-concept|...

7.7CVSS7AI score0.82238EPSS
Exploits4References3
CVE
CVE
added 2020/12/16 1:5 a.m.321 views

CVE-2020-26258

CVE-2020-26258 is a Server-Side Forgery/SSRF via XStream unmarshalling in versions prior to 1.4.15. Public docs corroborate exploitation possible by crafted input streams to access internal resources, with Java 15+ mitigating the issue and a whitelist-based Security Framework recommended over the...

7.7CVSS8.1AI score0.82238EPSS
Exploits4References14Affected Software1
Rows per page
Query Builder