17 matches found
ROOT-APP-MAVEN-CVE-2024-47072 CVE-2024-47072 in io.root.com.thoughtworks.xstream:xstream - Patched by Root
Root has patched CVE-2024-47072 in the io.root.com.thoughtworks.xstream:xstream package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar (CVE-2024-47072)
Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...
Security Bulletin: IBM OmniFind Text Search Server for DB2 for i is affected by multiple vulnerabilities. [CVE-2017-15691, CVE-2024-47072, CVE-2024-45492, CVE-2024-25269, CVE-2024-36052]
Summary IBM OmniFind Text Search Server for DB2 for i is vulnerable to overflow attacks CVE-2024-47072, CVE-2024-45492, Improper Restriction of XML External Entity Reference attack CVE-2017-15691, Uncontrolled Resource Consumption attack CVE-2024-25269, and Improper Neutralization attack...
Oracle WebCenter Portal (April 2025 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Discussion Forums XStream. The supported version tha...
K000149708: Java Xtream vulnerabilities CVE-2021-43859 and CVE-2024-47072
Security Advisory Description CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulti...
Security Bulletin: IBM Rational Developer for i is vulnerable to a buffer overflow attack (CVE-2024-47072)
Summary IBM Rational Developer for i contains functionality that is affected by the following issue. CVE-2024-47072 is a denial of service attack in the Debugger XML profile serialization function. This bulletin identifies the steps to take to address this vulnerability as described in the...
Security Bulletin: Vulnerability in XStream library affects App Connect Professional
Summary There is a vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...
Security Bulletin: Vulnerability in XStream affects IBM Spectrum Control
Summary XStream is vulnerable to denial of service. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...
Amazon Linux 2 : xstream (ALAS-2024-2707)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2707 advisory. XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides...
[SECURITY] [DLA 4001-1] libxstream-java security update
Debian LTS Advisory DLA-4001-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 21, 2024 https://wiki.debian.org/LTS -...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive information,...
SUSE SLED15: bea-stax / bea-stax-api / xstream / xstream-benchmark / etc (SUSE-SU-2024:4037-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4037-1 advisory. - CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow bsc1233085. Tenable has...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.2 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
openSUSE Security Advisory (SUSE-SU-2024:4037-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-47072 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-47072
creationtimestamp| type| source
---|---|---
2024-11-07 23:46:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113444334036917014
2024-11-08 02:08:17+00:00| seen| https://t.me/cvedetector/10150
2025-01-22 02:46:01+00:00| seen|...
CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...