Lucene search
+L

260 matches found

Atlassian
Atlassian
added 2025/04/09 12:12 p.m.36 views

DoS (Denial of Service) com.thoughtworks.xstream:xstream Dependency in Confluence Data Center and Server

This High severity com.thoughtworks.xstream:xstream Dependency vulnerability was introduced in versions 2.2 of Confluence Data Center and Server. This com.thoughtworks.xstream:xstream Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.6AI score0.02015EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.8 views

Atlassian Jira Service Management Data Center and Server 5.7 < 5.12.19 / 5.13.x < 10.3.4 / 10.4.x < 10.5.0 (JSDSERVER-16086)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16086 advisory. - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow...

7.5CVSS6.3AI score0.02015EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/03/04 2:39 p.m.6 views

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

7.5CVSS6.8AI score0.02015EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/04 2:20 p.m.3 views

com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application...

7.5CVSS6.8AI score0.02015EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/28 3:15 p.m.33 views

Security Bulletin: ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)

Summary ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By...

7.5CVSS7.8AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:9 a.m.18 views

Security Bulletin: Vulnerability in XStream affect BM Spectrum Control

Summary XStream is vulnerable to denial of service, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

7.5CVSS7AI score0.02015EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.18 views

Amazon Linux 2 : xstream (ALAS-2024-2707)

The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2707 advisory. XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides...

7.5CVSS6.5AI score0.02015EPSS
Exploits0References4
Amazon
Amazon
added 2024/12/19 12:0 a.m.4 views

Important: xstream

Issue Overview: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides a BinaryStreamDriver with an own optimized serialization format. The format uses ids for string values as deduplication. The mapping for these ids are...

7.5CVSS7.2AI score0.02015EPSS
Exploits0
Amazon
Amazon
added 2024/12/19 12:0 a.m.13 views

Important: xstream

Issue Overview: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream. XStream provides a BinaryStreamDriver with an own optimized serialization format. The format uses ids for string values as deduplication. The mapping for these ids are...

7.5CVSS7.7AI score0.02015EPSS
Exploits0
Veracode
Veracode
added 2024/11/20 3:40 a.m.15 views

Denial Of Service (DoS)

com.thoughtworks.xstream, xstream is vulnerable to a Denial of service DoS. The vulnerability is due to a stack overflow that allows an attacker to manipulate the processed input stream when XStream is configured to use the BinaryStreamDriver...

7.5CVSS6.9AI score0.02015EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/11/08 12:15 a.m.1 views

DEBIAN-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

7.5CVSS6.2AI score0.02015EPSS
Exploits0References1
OSV
OSV
added 2024/11/08 12:15 a.m.9 views

UBUNTU-CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

7.5CVSS6.5AI score0.02015EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/11/07 9:51 p.m.8 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +8570 more potentially affected by CVE-2024-47072 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.20)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.2.2, =0.0.11, =0.8.38, =0.8.38, =0.8.38, =0.8.42 and more Source cves: CVE-2024-47072 Source advisory: OSV:GHSA-HFQ9-HGGM-C56Q...

7.5CVSS6.6AI score0.02015EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.3 views

PT-2024-7918

Name of the Vulnerable Software and Affected Versions XStream versions prior to 1.4.21 Bitbucket Data Center and Server versions 8.6.0 through 8.19.0 Bitbucket Data Center and Server versions 9.0.0 through 9.4.0 Bitbucket Data Center and Server version 8.9.0 through 8.9.23 Bitbucket Data Center a...

7.8CVSS6.5AI score0.02015EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2024/02/19 12:0 a.m.41 views

Amazon Linux 2 : xstream (ALAS-2024-2464)

The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user...

7.5CVSS7.6AI score0.01022EPSS
Exploits1References4
OSV
OSV
added 2023/03/13 10:57 a.m.2 views

USN-5946-1 libxstream-java vulnerabilities

Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04...

8.8CVSS6.7AI score0.98124EPSS
Exploits17References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.7 views

SUSE CVE-2018-1327

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...

7.5CVSS9.4AI score0.09224EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.7 views

SUSE CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

8.1CVSS8.3AI score0.85001EPSS
Exploits7References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.7 views

SUSE CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

5.4CVSS7.1AI score0.82392EPSS
Exploits5References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

5.9CVSS7.5AI score0.77801EPSS
Exploits1References7
Rows per page
Query Builder