Lucene search
+L

141 matches found

OSV
OSV
added 2021/03/23 12:15 a.m.41 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.5CVSS7.5AI score0.13832EPSS
Exploits0References15
OSV
OSV
added 2021/03/23 12:15 a.m.27 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS9.1AI score0.4999EPSS
Exploits1References15
Prion
Prion
added 2021/03/23 12:15 a.m.24 views

Arbitrary file deletion

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

5CVSS8.2AI score0.46666EPSS
Exploits1References15Affected Software12
UbuntuCve
UbuntuCve
added 2021/03/23 12:15 a.m.33 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7AI score0.82136EPSS
Exploits1References7
Prion
Prion
added 2021/03/23 12:15 a.m.19 views

Design/Logic Flaw

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

6.5CVSS9.5AI score0.82136EPSS
Exploits1References15Affected Software13
Cvelist
Cvelist
added 2021/03/22 11:40 p.m.31 views

CVE-2021-21341 XStream can cause a Denial of Service

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS8.7AI score0.77801EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2021/03/22 11:40 p.m.38 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS7.4AI score0.4999EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/22 11:40 p.m.35 views

CVE-2021-21343 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

5.3CVSS8.6AI score0.46666EPSS
Exploits1References15
Debian CVE
Debian CVE
added 2021/03/22 11:40 p.m.32 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS6.8AI score0.46666EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/22 11:40 p.m.23 views

CVE-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

5.8CVSS9.8AI score0.72324EPSS
Exploits1References16
Cvelist
Cvelist
added 2021/03/22 11:40 p.m.28 views

CVE-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

6.1CVSS9.9AI score0.14301EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2021/03/12 12:0 a.m.9 views

PT-2021-4780 · Xstream +7 · Xstream +7

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used for serializing objects to XML and back again. It may allow a remote attacker to load and execute arbitrary code from a remote host ...

10CVSS7.1AI score0.98124EPSS
Exploits59References625
Ubuntu
Ubuntu
added 2021/01/28 8:38 p.m.134 views

USN-4714-1: XStream vulnerabilities

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. CVE-2020-26217 It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...

9.3CVSS7.5AI score0.85001EPSS
Exploits11
NVD
NVD
added 2020/12/16 1:15 a.m.32 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.7CVSS7.7AI score0.82238EPSS
Exploits4References14
OSV
OSV
added 2020/12/16 1:15 a.m.36 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS9.2AI score0.82392EPSS
Exploits5References9
OSV
OSV
added 2020/12/16 1:15 a.m.30 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.7CVSS9.4AI score0.82238EPSS
Exploits4References14
UbuntuCve
UbuntuCve
added 2020/12/16 1:15 a.m.36 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.7CVSS6.9AI score0.82238EPSS
Exploits4References6
UbuntuCve
UbuntuCve
added 2020/12/16 1:15 a.m.46 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS6.8AI score0.82392EPSS
Exploits5References6
Cvelist
Cvelist
added 2020/12/16 1:5 a.m.31 views

CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

6.3CVSS8.1AI score0.82238EPSS
Exploits4References9
Debian
Debian
added 2020/12/15 12:12 p.m.30 views

[SECURITY] [DSA 4811-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4811-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2020 https://www.debian.org/security/faq -...

9.3CVSS8.5AI score0.85001EPSS
Exploits7
Rows per page
Query Builder