31 matches found
EUVD-2022-0776
Malicious code in bioql PyPI...
K000149708: Java Xtream vulnerabilities CVE-2021-43859 and CVE-2024-47072
Security Advisory Description CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulti...
[SECURITY] [DLA 4001-1] libxstream-java security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4001-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 21, 2024 https://wiki.debian.org/LTS -...
BIT-JENKINS-2022-0538
Jenkins LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage...
Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly...
Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to denial of service (CVE-2021-43859)
Summary XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...
Oracle WebCenter Sites (Oct 2022 CPU)
The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Centralized Thirdparty Jars...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.11.685 security and bug fix update
Red Hat OpenShift Container Platform release 3.11.685 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote...
openSUSE: Security Advisory for xstream (openSUSE-SU-2022:0817-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : xstream (openSUSE-SU-2022:0817-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0817-1 advisory. - XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocat...
SUSE SLED15 / SLES15 Security Update : xstream (SUSE-SU-2022:0817-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0817-1 advisory. - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps bsc1195458. Tenable...
SUSE-SU-2022:0817-1 Security update for xstream
This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps bsc1195458...
Security update for xstream (moderate)
openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2022:0817-1 Rating: moderate References: 1195458 Cross-References: CVE-2021-43859 CVSS scores: CVE-2021-43859 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43859 SUSE: 5.5...
SUSE: Security Advisory (SUSE-SU-2022:0817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 Multiple DoS (CloudBees Security Advisory 2022-02-09)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.6, 2.303.x prior to 2.303.30.0.5, or 2.x prior to 2.319.3.3. It is, therefore, affected by multiple vulnerabilities: - XStream is an open source java library to serialize...
Debian DLA-2924-1 : libxstream-java - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2924 advisory. It was discovered that there was a potential remote denial of service DoS attack in XStream, a Java library used to serialize objects to XML and back again. An attacker cou...
Fedora: Security Advisory for xstream (FEDORA-2022-ad5cf1c0dd)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
FreeBSD : jenkins -- DoS vulnerability in bundled XStream library (0b0ad196-1ee8-4a98-89b1-4d5d82af49a9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 advisory. - XStream is an open source java library to serialize objects to XML and back again. Versions...
DoS vulnerability in bundled XStream library in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerous others. This allows attackers able to submi...