Lucene search
K

18 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.2 views

SUSE CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

5.9CVSS7.4AI score0.11468EPSS
Exploits2References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/24 2:54 p.m.37 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to a SSRF attack (CVE-2021-39152, CVE-2021-39150)

Summary XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Vulnerability Details...

8.5CVSS8.4AI score0.11468EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2022/02/14 1:6 p.m.98 views

Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.3.0 security update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

8.8CVSS7.6AI score0.98124EPSS
Exploits17References22
RedHat Linux
RedHat Linux
added 2022/01/26 4:33 p.m.50 views

Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.0 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

8.8CVSS7.6AI score0.98124EPSS
Exploits17References18
RedHat Linux
RedHat Linux
added 2022/01/26 3:52 p.m.74 views

Critical: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

10CVSS7.7AI score0.99999EPSS
Exploits368References19
Amazon
Amazon
added 2021/12/10 12:0 a.m.51 views

Important: xstream

Issue Overview: A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to...

8.8CVSS8.4AI score0.98124EPSS
Exploits16
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.52 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update

A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

9.9CVSS7.5AI score0.98124EPSS
Exploits27References35
Debian
Debian
added 2021/11/10 8:29 p.m.46 views

[SECURITY] [DSA 5004-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...

7.8CVSS9AI score0.98124EPSS
Exploits27
Tenable Nessus
Tenable Nessus
added 2021/10/26 12:0 a.m.52 views

RHEL 7 : xstream (RHSA-2021:3956)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3956 advisory. XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fixes: xstream: Arbitrary code...

8.8CVSS8.2AI score0.98124EPSS
Exploits16References30
OpenVAS
OpenVAS
added 2021/10/21 12:0 a.m.37 views

Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS8AI score0.98124EPSS
Exploits34References4
OpenVAS
OpenVAS
added 2021/10/21 12:0 a.m.28 views

Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS8AI score0.98124EPSS
Exploits34References4
OPENSUSE Linux
OPENSUSE Linux
added 2021/10/20 12:0 a.m.121 views

Security update for xstream (important)

openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2021:3476-1 Rating: important References: 1189798 Cross-References: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149...

8.1CVSS7.2AI score0.98124EPSS
Exploits16References1
Tenable Nessus
Tenable Nessus
added 2021/10/01 12:0 a.m.34 views

Debian DLA-2769-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2769 advisory. - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute...

8.8CVSS8.2AI score0.98124EPSS
Exploits16References31
Github Security Blog
Github Security Blog
added 2021/08/25 2:46 p.m.50 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5CVSS8.3AI score0.11468EPSS
Exploits2References13Affected Software1
Circl
Circl
added 2021/08/23 10:23 p.m.5 views

CVE-2021-39152

creationtimestamp| type| source ---|---|--- 2021-08-23 22:23:37+00:00| seen| https://t.me/cibsecurity/27719 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-39152.yaml 2026-02-16 21:02:33+00:00| seen|...

8.5CVSS7AI score0.11468EPSS
Exploits2References3
OSV
OSV
added 2021/08/23 7:15 p.m.5 views

UBUNTU-CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7AI score0.11468EPSS
Exploits2References5
Cvelist
Cvelist
added 2021/08/23 6:20 p.m.42 views

CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS8.8AI score0.11468EPSS
Exploits2References11
CVE
CVE
added 2021/08/23 6:20 p.m.387 views

CVE-2021-39152

CVE-2021-39152 concerns the XStream Java XML serialization library. The vulnerability allows a remote attacker to request data from internal resources not publicly available by manipulating the processed input stream, impacting systems using affected XStream versions when running Java runtimes ar...

8.5CVSS8.6AI score0.11468EPSS
In wildExploits2References11Affected Software1
Rows per page
Query Builder