23 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-7957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), bio.singa:singa-simulation (>=0.4.0 <=0.4.2) +2223 more potentially affected by CVE-2017-7957 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.10-java7)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.3.3, =0.4.0, =2.0-beta-3, =1.0, =1.1.1, =1.0.2, =1.1.2, =1.0.0, =1.0.0, =1.0.0, =1.2, =1.3 and more Source cves: CVE-2017-7957 Source advisory: OSV:GHSA-7HWC-46RM-65JH...
dq.ynjply.cn Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-983720 Security Researcher devl00p, a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting dq.ynjply.cn website and...
Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a XStream vulnerability
Summary IBM Tivoli Netcool Configuration Manager (ITNCM) has addressed the following potential XStream vulnerability. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the...
Security Bulletin: Open Source XStream as used in IBM QRadar SIEM is vulnerable to Denial of Service. (CVE-2017-7957)
Summary Open Source XStream is vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type 'void' during unmarshalling. A...
Security Bulletin: A vulnerability in XStream affects IBM InfoSphere Information Governance components
Summary A vulnerability in XStream was addressed by IBM InfoSphere Information Governance Catalog, IBM InfoSphere Information Server Business Glossary, and IBM InfoSphere Information Server Business Glossary Client for Eclipse. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is...
Denial Of Service (DoS)
Apache Struts REST plugin is vulnerable to denial of service (DoS) attacks. The application uses a version of the xstream library before version 1.4.10, which can crash when attempting to unmarshal void. This is related to CVE-2017-7957...
SUSE-SU-2017:3390-1 Security update for xstream
This update for xstream fixes the following issues: - CVE-2017-7957: XStream could cause a Denial of Service when unmarshalling void. (bsc#1070731)...
SUSE-SU-2017:3389-1 Security update for xstream
This update for xstream fixes the following issues: - CVE-2017-7957: XStream could cause a Denial of Service when unmarshalling void. (bsc#1070731)...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.6 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.6 security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Denial Of Service (DoS)
struts2-rest-plugin is vulnerable to denial of service (DoS) attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...
Debian DSA-3841-1 : libxstream-java - security update
It was discovered that XStream, a Java library to serialise objects to XML and back again, was susceptible to denial of service during unmarshalling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 3841-1] libxstream-java
Debian Security Advisory DSA-3841-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 02, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DLA 930-1] libxstream-java security update
Package : libxstream-java Version : 1.4.2-1+deb7u2 CVE ID : CVE-2017-7957 Debian Bug : 861521 It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an...
Debian: Security Advisory (DSA-3841-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DEBIAN-CVE-2017-7957
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...
CVE-2017-7957
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...
UBUNTU-CVE-2017-7957
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...