128 matches found

BDU FSTEC
added 2021/11/17 12:0 a.m. · 5 views

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats lies in insufficient validation of incoming requests, allowing attackers to disclose sensitive information.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow an attacker to disclose sensitive information by manipulating the processed input data remotely...

CVSS 8.6 · AI score 6.8 · EPSS 0.47754
Exploits 1 · References 19 · Affected Software 29

Debian
added 2021/11/10 8:29 p.m. · 47 views

[SECURITY] [DSA 5004-1] libxstream-java security update

Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...

CVSS 9.9 · AI score 8.9 · EPSS 0.9851
Exploits 27

Fedora
added 2021/10/29 11:18 p.m. · 41 views

[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVSS 9.9 · AI score 0.4 · EPSS 0.9851
Exploits 34

OSV
added 2021/09/08 11:3 a.m. · 2 views

OESA-2021-1337 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVSS 8.8 · AI score 7.8 · EPSS 0.9851
Exploits 16 · References 15

RedhatCVE
added 2021/08/25 8:0 p.m. · 42 views

CVE-2021-39152

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

CVSS 8.5 · AI score 4 · EPSS 0.11468
Exploits 2 · References 4

OSV
added 2021/08/25 2:47 p.m. · 0 views

GHSA-P8PQ-R894-FM8F XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 · AI score 7.5 · EPSS 0.14414
Exploits 0 · References 13

NVD
added 2021/08/23 6:15 p.m. · 20 views

CVE-2021-39149

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · EPSS 0.04774
Exploits 1 · References 11

NVD
added 2021/08/23 6:15 p.m. · 19 views

CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · EPSS 0.04098
Exploits 0 · References 11

OSV
added 2021/08/23 6:15 p.m. · 0 views

DEBIAN-CVE-2021-39149

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.7 · EPSS 0.04774
Exploits 1 · References 1

OSV
added 2021/08/23 6:15 p.m. · 1 views

DEBIAN-CVE-2021-39144

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.7 · EPSS 0.9851
Exploits 6 · References 1

OSV
added 2021/08/23 6:15 p.m. · 1 views

DEBIAN-CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.7 · EPSS 0.16245
Exploits 2 · References 1

UbuntuCve
added 2021/08/23 6:15 p.m. · 29 views

CVE-2021-39148

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.2 · EPSS 0.04774
Exploits 1 · References 4

OSV
added 2021/08/23 6:15 p.m. · 0 views

UBUNTU-CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.2 · EPSS 0.04098
Exploits 0 · References 5

UbuntuCve
added 2021/08/23 6:15 p.m. · 29 views

CVE-2021-39147

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.2 · EPSS 0.04774
Exploits 1 · References 4

OSV
added 2021/08/23 6:15 p.m. · 0 views

UBUNTU-CVE-2021-39151

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.2 · EPSS 0.04774
Exploits 1 · References 5

OSV
added 2021/08/23 6:15 p.m. · 0 views

UBUNTU-CVE-2021-39154

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 7.2 · EPSS 0.04774
Exploits 1 · References 5

Debian CVE
added 2021/08/23 6:5 p.m. · 25 views

CVE-2021-39146

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

CVSS 8.5 · AI score 9 · EPSS 0.14414
Exploits 0

CNNVD
added 2021/08/23 12:0 a.m. · 1 views

XStream code issue vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or to deserialize them back to objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

CVSS 8.5 · AI score 9.2 · EPSS 0.04774
Exploits 1 · References 25

Positive Technologies
added 2021/08/23 12:0 a.m. · 3 views

PT-2021-22405 · Xstream +5

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.18 Description: The issue allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. This can be done when using affected versions of XStream, a...

CVSS 9.9 · AI score 8.1 · EPSS 0.9851
Exploits 29 · References 178

BDU FSTEC
added 2021/08/04 12:0 a.m. · 3 views

The vulnerability of the Java library for converting objects to XML or JSON format, Xstream, is related to deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary commands.

The vulnerability of the Xstream library for converting objects to XML or JSON format is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

CVSS 9 · AI score 7.4 · EPSS 0.77735
Exploits 1 · References 9 · Affected Software 9