Lucene search
K

12 matches found

OSV
OSV
added 2025/12/03 2:35 p.m.9 views

BIT-ACTIVEMQ-2021-21351 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.3AI score0.82136EPSS
Exploits1References16
OSV
OSV
added 2025/12/03 2:35 p.m.4 views

BIT-ACTIVEMQ-2021-21346 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.2AI score0.76367EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.4CVSS7.4AI score0.4999EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.2 views

XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7.6AI score0.77801EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.8 views

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.8 views

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS7.5AI score0.13832EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:14 p.m.9 views

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS7.5AI score0.13832EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:14 p.m.4 views

XStream: arbitrary file deletion on the local host via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS7.4AI score0.46666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.8 views

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References4
OSV
OSV
added 2021/03/23 12:15 a.m.9 views

DEBIAN-CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.1AI score0.7598EPSS
Exploits1References1
OSV
OSV
added 2021/03/23 12:15 a.m.2 views

DEBIAN-CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7AI score0.77801EPSS
Exploits1References1
OSV
OSV
added 2021/03/23 12:15 a.m.12 views

UBUNTU-CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7AI score0.82136EPSS
Exploits1References8
Rows per page
Query Builder