1632 matches found
PT-2026-41305
Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...
EUVD-2026-30548
Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017781)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017781 advisory. XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficien...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017728 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host...
Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017732)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017732 advisory. XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated...
RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 — Mirth Connect Pre-Auth RCE Pre-authenticated...
VulnCheck KEV: CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar ( CVE-2024-47072)
Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...
MiracleLinux 7 : xstream-1.3.1-16.el7 (AXSA:2021-2499:04)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2499:04 advisory. xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl CVE-2021-39139 xstream: Arbitrary code execution via...
MiracleLinux 7 : xstream-1.3.1-14.el7 (AXSA:2021-2208:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2208:03 advisory. XStream: remote command execution attack by manipulating the processed input stream CVE-2021-29505 Tenable has extracted the preceding description block...
MiracleLinux 7 : xstream-1.3.1-13.el7 (AXSA:2021-1711:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1711:02 advisory. XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet CVE-2021-21344 XStream: Unsafe deserizaliation of...
MiracleLinux 7 : xstream-1.3.1-12.el7 (AXSA:2021-1252:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1252:01 advisory. XStream: remote code execution due to insecure XML deserialization when relying on blocklists CVE-2020-26217 Tenable has extracted the preceding description...
Security Bulletin: IBM B2B Advanced Communications is affected by vulnerability in XStream
Summary IBM B2B Advanced Communications has addressed a vulnerability in XStream library shipped with product CVE-2024-47072. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote...
CVE-2025-1081
A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...
Exploit for Deserialization of Untrusted Data in Apache Struts
CVE-2017-9805: Apache Struts 2 S2-052 RCE Analizi Bu depo, Ap...
BIT-ACTIVEMQ-2021-21351 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...
BIT-ACTIVEMQ-2021-21350 XStream is vulnerable to an Arbitrary Code Execution attack
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...
BIT-ACTIVEMQ-2021-21349 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
BIT-ACTIVEMQ-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...