4220 matches found
CVE-2022-40156
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
CVE-2022-40155
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
CVE-2022-40153
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
CVE-2022-40151
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
CVE-2022-40152
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
Security Bulletin: TADDM 7.2.1.4: Vulnerabilities in embedded JRE.
Abstract: Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) IBM JRE 5.0 Service Release 16 or earlier, and non-IBM Java 5.0 or earlier, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content: VULNERABILITY DETAILS: CVEID: CVE-2013-14...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.5)
The version of AOS installed on the remote host is prior to 5.20.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.5 advisory. - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was...
Denial Of Service (DoS)
XStream Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow during the serialization of XML data which allows an attacker to parse malicious input causing an application crash...
Denial Of Service (DoS)
xstream is vulnerable to denial of service. The vulnerability exists due to the improper serialization of XML data in the processConverterAnnotations function in AnnotationMapper.java which allows an attacker to cause an application crash by providing malicious input through the parser...
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
Deserialization of untrusted data
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
CVE-2022-39008
The CVE-2022-39008 entry concerns Huawei HarmonyOS NFC module deserialization weaknesses. The root cause is insecure bundle serialization/deserialization, enabling an attacker to cause third-party apps to read and write files that are normally restricted to system apps. Concrete details across co...
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...
DEBIAN-CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-40154
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-40153
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...