1634 matches found
XStream 1.4.18 - Arbitrary Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
XStream <1.4.18 - Server-Side Request Forgery
XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
XStream <1.4.17 - Remote Code Execution
XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...
XStream < 1.4.16 - Remote Code Execution
XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operation...
XStream <1.4.14 - Remote Code Execution
XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...
XStream <1.4.6/1.4.10 - Remote Code Execution
Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to...
XStream <1.4.16 - Remote Code Execution
XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...
XStream <1.4.15 - Server-Side Request Forgery
XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorize...
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
ROOT-APP-MAVEN-CVE-2024-47072 CVE-2024-47072 in io.root.com.thoughtworks.xstream:xstream - Patched by Root
Root has patched CVE-2024-47072 in the io.root.com.thoughtworks.xstream:xstream package for Root:Maven. Multiple fixed versions available...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-016761)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016761 advisory. XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on...
Astra Linux – Vulnerability in libxstream-java
XStream is software used for serializing Java objects into XML and back again. A vulnerability exists in XStream versions prior to 1.4.17, which may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users who...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream contained type information at the time of unmarshaling, allowing new instances to be created based on those type information. Attackers...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to request data from internal resources that were not publicly available, by manipulating the processed input stream. No users are affecte...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...