CVE-2021-21351
CVE-2021-21351 is an XStream deserialization vulnerability. Connected IBM advisories confirm the issue affects IBM Data Risk Manager (IDRM) and IBM Engineering/Test Management products via bundled XStream versions, with exploitation through unmarshalling to achieve arbitrary code execution. Remed...
CVE-2021-21341 XStream can cause a Denial of Service
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...
CVE-2021-21341
CVE-2021-21341 affects the XStream Java library (unmarshalling) prior to 1.4.16. The vulnerability enables a remote attacker to cause a denial-of-service by consuming 100% CPU time via manipulated input streams. Impact is described as CPU denial of service; no user impact if the recommended Secur...
CVE-2021-21342
CVE-2021-21342 affects the Java library XStream (prior to 1.4.16). During unmarshalling, the processed input stream can include type information used to recreate objects, enabling an attacker to inject or replace objects and trigger a server-side request forgery (SSRF). The documented fix is to upgrade to at least...
CVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
CVE-2021-21343 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
CVE-2021-21343
CVE-2021-21343 affects XStream (Java) prior to 1.4.16. The vulnerability arises during unmarshalling when the processed input stream carries type information, enabling an attacker to create new instances based on that data and potentially replace or inject objects, including causing local file de...
CVE-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
CVE-2021-21345 XStream is vulnerable to a Remote Command Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...
CVE-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
XStream code issue vulnerability
XStream is a simple Java-based library for serializing Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...
XStream OS command injection vulnerability
XStream is a simple Java-based library for serializing Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. XStream has a code execution vulnerability that can be exploited by an attacker to manipulate the processed input stream and replace...
XStream code issue vulnerability
XStream is a simple Java-based library for serializing Java objects to XML and back again, i.e. Java objects and XML documents can easily be converted into each other. A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...
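The XStream entries above share one root cause: the unmarshaller trusts the type names carried in the stream, so whoever controls the XML chooses which classes get instantiated. The mitigation they all point at is XStream's security framework with an allow list limited to the types the application actually exchanges. The following is an added example, not code from the page or from the XStream project, showing the permissive configuration beside the hardened one. It assumes XStream 1.4.x on the classpath; the `Order` class and both XML documents are hypothetical, constructed for the demonstration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowListDemo {

    // Hypothetical application type: the only class this endpoint expects to receive.
    public static class Order {
        String sku;
        int quantity;
    }

    // Constructed sample: the document a well-behaved client sends.
    static final String LEGIT =
        "<order><sku>ABC-123</sku><quantity>2</quantity></order>";

    // Constructed sample: the root element names a type the application never asked for.
    // XStream instantiates whatever the stream declares; a real payload would name a
    // gadget class rather than a HashMap, but the trust decision is the same.
    static final String UNEXPECTED =
        "<java.util.HashMap><entry><string>k</string><string>v</string></entry></java.util.HashMap>";

    // Permissive configuration: XStream's behaviour before 1.4.18 when no security
    // framework is configured. Any class on the classpath can be created from the stream.
    static XStream permissive() {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs;
    }

    // Hardened configuration: deny every type, then allow exactly the ones the
    // application exchanges. This is the "whitelist limited to the minimal required
    // types" the advisories refer to, and it is independent of the XStream version.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // start from an empty allow list
        xs.addPermission(NullPermission.NULL);                // null references are harmless
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, boolean, ... and wrappers
        xs.allowTypes(new Class[] { String.class, Order.class });
        xs.alias("order", Order.class);
        return xs;
    }

    public static void main(String[] args) {
        // Pre-1.4.18 default: the unexpected root type is instantiated without complaint.
        Object o = permissive().fromXML(UNEXPECTED);
        System.out.println("permissive: instantiated " + o.getClass().getName());

        XStream safe = hardened();
        Order order = (Order) safe.fromXML(LEGIT);
        System.out.println("hardened: legit document -> " + order.sku + " x" + order.quantity);

        // Same document against the allow list: rejected before any instance is created.
        try {
            safe.fromXML(UNEXPECTED);
            System.out.println("hardened: unexpected type was NOT rejected");
        } catch (ForbiddenClassException e) {
            System.out.println("hardened: rejected " + e.getMessage());
        }
    }
}
```

Two practitioner caveats. First, the allow list must be built from the deny-all baseline (`NoTypePermission.NONE`) rather than by adding denials to the permissive default, because the 2021 CVEs were found precisely by walking around the older blacklist. Second, upgrading to 1.4.16 fixes the specific issues listed here, but only 1.4.18 and later switch `new XStream()` to an allow list by default; on any earlier version the explicit configuration above is what actually closes the class.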
SUSE-SU-2021:0906-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues:
cobbler:
- Fix string replacement for @@xyz@@
- Better performing string replacements
grafana-formula:
- Set supported to false for unsupported systems (bsc1182001)
- Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions
mgr-libmod:
- Fix 'listmodules'...
Security Bulletin: A vulnerability in IBM Java SE affects IBM Elastic Storage System
Summary: There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Elastic Storage System. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerability Details: CVEID: CVE-2020-14782. DESCRIPTION: An unspecified vulnerability in Java SE related to the...
USN-4795-1 groovy2 vulnerability
It was discovered that Apache Groovy incorrectly handled serialization mechanisms. An attacker could possibly use this issue to execute arbitrary code...
DEBIAN-CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
PT-2021-5150
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16. Description: The issue concerns a Java library used for serializing objects to XML and back. It may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed...