15 matches found
Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.11.0 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
SUSE: Security Advisory (SUSE-SU-2021:0176-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical: Red Hat Security Advisory: Red Hat Data Grid 8.2.0 security update
A security update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
Ubuntu: Security Advisory (USN-4943-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for xstream (openSUSE-SU-2021:0140-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: A security vulnerability has been identified in Xstream, which is a required product for IBM Tivoli Network Configuration Manager (CVE-2020-26258, CVE-2020-26259)
Summary A security vulnerability has been disclosed in the Xstream library , which is installed as part of IBM Tivoli Network Configuration Manager version 6.4.2. Information about this vulnerability has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTIO...
Ubuntu: Security Advisory (USN-4714-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : xstream (openSUSE-2021-140)
This update for xstream fixes the following issues : xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists bsc1180994. - CVE-2020-26258: Fixed a server-side request forgery vulnerability bsc1180146. -...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html XStream 1.4.14 pom.xml com.thoughtworks.xstream xstream 1.4.14 poc...
[SECURITY] [DSA 4828-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4828-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 07, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2507-1] libxstream-java security update
Debian LTS Advisory DLA-2507-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 31, 2020 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u1 CVE ID : CVE-2020-26258 CVE-2020-26259 Debian Bug : 977625 977624 Several security...
CVE-2020-26259
CVE-2020-26259 affects XStream in IBM Storage Copy Data Management (2.2.0.0–2.2.25.0). Unmarshalling user-supplied data could allow arbitrary file deletion on the host if the process runs with sufficient privileges. IBM’s remediation for the affected products is to upgrade to 2.2.26.0 (Linux) and...