15 matches found
SUSE CVE-2021-39153
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.3.0 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Critical: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: xstream
Issue Overview: A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update
A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...
[SECURITY] [DSA 5004-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq -...
RHEL 7 : xstream (RHSA-2021:3956)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3956 advisory. XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Security Fixes: xstream: Arbitrary code...
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for xstream (important)
openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2021:3476-1 Rating: important References: 1189798 Cross-References: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6134 more potentially affected by CVE-2021-39153 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39153 Source advisory: OSV:GHSA-2Q8X-2P7F-574V...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...
CVE-2021-39153
creationtimestamp| type| source ---|---|--- 2021-08-23 22:23:42+00:00| seen| https://t.me/cibsecurity/27723...
CVE-2021-39153
CVE-2021-39153 affects XStream Java library. In affected releases, a remote attacker could load and execute arbitrary code by manipulating the processed input stream, when using XStream out of the box with certain Java runtimes (Java 14 to 8) or with JavaFX installed. The issue is tied to input-p...