260 matches found
DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Confluence Data Center and Server
This High severity com.thoughtworks.xstream:xstream Dependency vulnerability was introduced in versions 2.2 of Confluence Data Center and Server. This com.thoughtworks.xstream:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Atlassian Jira Service Management Data Center and Server 5.7 < 5.12.19 / 5.13.x < 10.3.4 / 10.4.x < 10.5.0 (JSDSERVER-16086)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16086 advisory. - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow...
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...
com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...
Security Bulletin: ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)
Summary ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By...
Security Bulletin: Vulnerability in XStream affect BM Spectrum Control
Summary XStream is vulnerable to denial of service, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...
Amazon Linux 2 : xstream (ALAS-2024-2707)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2707 advisory. XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides...
Important: xstream
Issue Overview: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides a BinaryStreamDriver with an own optimized serialization format. The format uses ids for string values as deduplication. The mapping for these ids are...
Important: xstream
Issue Overview: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides a BinaryStreamDriver with an own optimized serialization format. The format uses ids for string values as deduplication. The mapping for these ids are...
Denial Of Service (DoS)
com.thoughtworks.xstream, xstream is vulnerable to a Denial of service DoS. The vulnerability is due to a stack overflow that allows an attacker to manipulate the processed input stream when XStream is configured to use the BinaryStreamDriver...
DEBIAN-CVE-2024-47072
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
UBUNTU-CVE-2024-47072
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +8570 more potentially affected by CVE-2024-47072 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.20)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.2.2, =0.0.11, =0.8.38, =0.8.38, =0.8.38, =0.8.42 and more Source cves: CVE-2024-47072 Source advisory: OSV:GHSA-HFQ9-HGGM-C56Q...
PT-2024-7918
Name of the Vulnerable Software and Affected Versions XStream versions prior to 1.4.21 Bitbucket Data Center and Server versions 8.6.0 through 8.19.0 Bitbucket Data Center and Server versions 9.0.0 through 9.4.0 Bitbucket Data Center and Server version 8.9.0 through 8.9.23 Bitbucket Data Center a...
Amazon Linux 2 : xstream (ALAS-2024-2464)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user...
USN-5946-1 libxstream-java vulnerabilities
Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04...
SUSE CVE-2018-1327
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...
SUSE CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...
SUSE CVE-2020-26259
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...
SUSE CVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...