Lucene search
+L

260 matches found

RedHat Linux
RedHat Linux
added 2022/02/14 1:6 p.m.7 views

xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.143EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/14 1:6 p.m.7 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.16118EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/02/14 1:6 p.m.6 views

XStream: remote command execution attack by manipulating the processed input stream

A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.4AI score0.77735EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.4 views

PT-2022-4626 · Xstream +2 · Xstream +2

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.19 Description: The issue is related to an uncontrolled resource consumption in the XStream Java library, which can be exploited by a remote attacker to cause a denial of service. This can be achieved by...

7.8CVSS6.7AI score0.07934EPSS
Exploits1References52
CNNVD
CNNVD
added 2022/01/29 12:0 a.m.4 views

XStream 资源管理错误漏洞

XStream is a lightweight, easy-to-use, open source Java class library from the XStream Xstream team that is primarily used to serialize or deserialize objects into XML JSON. XStream suffers from a Resource Management Error vulnerability that allows a remote attacker to exploit the vulnerability b...

7.5CVSS8.2AI score0.07934EPSS
Exploits1References24
RedHat Linux
RedHat Linux
added 2022/01/26 4:33 p.m.5 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.04735EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/01/26 4:33 p.m.3 views

xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

8.5CVSS7.4AI score0.11377EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/01/26 3:52 p.m.7 views

xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.04735EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.8 views

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.5 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS7.4AI score0.4999EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.5 views

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS7.5AI score0.13832EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.4 views

XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7.6AI score0.77801EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.4 views

XStream: arbitrary file deletion on the local host via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS7.4AI score0.46666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.6 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS7.4AI score0.4999EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.3 views

XStream: arbitrary file deletion on the local host via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS7.4AI score0.46666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.8 views

XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet

A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.6AI score0.7598EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.2 views

XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue

A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.7AI score0.76367EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.3 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.04065EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.2 views

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.6 views

XStream: arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS7.5AI score0.82392EPSS
Exploits5References4
Rows per page
Query Builder