Lucene search
K

31 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0776

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.03901EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2025/02/07 11:26 a.m.22 views

K000149708: Java Xtream vulnerabilities CVE-2021-43859 and CVE-2024-47072

Security Advisory Description CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulti...

7.5CVSS6.7AI score0.07934EPSS
Exploits1
Debian
Debian
added 2024/12/21 10:7 p.m.14 views

[SECURITY] [DLA 4001-1] libxstream-java security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4001-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 21, 2024 https://wiki.debian.org/LTS -...

7.5CVSS8AI score0.07934EPSS
Exploits1
OSV
OSV
added 2024/03/06 10:58 a.m.29 views

BIT-JENKINS-2022-0538

Jenkins LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage...

7.5CVSS7.5AI score0.03901EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:50 a.m.25 views

Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly...

7.5CVSS7.3AI score0.07934EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 4:19 p.m.45 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to denial of service (CVE-2021-43859)

Summary XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

7.5CVSS7.5AI score0.07934EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/10/21 12:0 a.m.38 views

Oracle WebCenter Sites (Oct 2022 CPU)

The 12.2.1.3.0 and 12.2.1.4.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Centralized Thirdparty Jars...

9.8CVSS6.8AI score0.30367EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2022/04/27 7:44 a.m.86 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.11.685 security and bug fix update

Red Hat OpenShift Container Platform release 3.11.685 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...

8.8CVSS6.8AI score0.07934EPSS
Exploits1References15
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/30 3:22 p.m.33 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote...

7.5CVSS1.6AI score0.07934EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.26 views

openSUSE: Security Advisory for xstream (openSUSE-SU-2022:0817-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.07934EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/03/17 12:0 a.m.50 views

openSUSE 15 Security Update : xstream (openSUSE-SU-2022:0817-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0817-1 advisory. - XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocat...

7.5CVSS8.1AI score0.07934EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/03/15 12:0 a.m.34 views

SUSE SLED15 / SLES15 Security Update : xstream (SUSE-SU-2022:0817-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:0817-1 advisory. - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps bsc1195458. Tenable...

7.5CVSS7.2AI score0.07934EPSS
Exploits1References4
OSV
OSV
added 2022/03/14 9:22 a.m.9 views

SUSE-SU-2022:0817-1 Security update for xstream

This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps bsc1195458...

7.5CVSS7.5AI score0.07934EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2022/03/14 12:0 a.m.49 views

Security update for xstream (moderate)

openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2022:0817-1 Rating: moderate References: 1195458 Cross-References: CVE-2021-43859 CVSS scores: CVE-2021-43859 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43859 SUSE: 5.5...

5.5CVSS7AI score0.07934EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/03/14 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2022:0817-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.07934EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/03/07 12:0 a.m.94 views

Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 Multiple DoS (CloudBees Security Advisory 2022-02-09)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.6, 2.303.x prior to 2.303.30.0.5, or 2.x prior to 2.319.3.3. It is, therefore, affected by multiple vulnerabilities: - XStream is an open source java library to serialize...

7.5CVSS8.2AI score0.07934EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/02/16 12:0 a.m.37 views

Debian DLA-2924-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2924 advisory. It was discovered that there was a potential remote denial of service DoS attack in XStream, a Java library used to serialize objects to XML and back again. An attacker cou...

7.5CVSS8.1AI score0.07934EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/02/12 12:0 a.m.14 views

Fedora: Security Advisory for xstream (FEDORA-2022-ad5cf1c0dd)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.07934EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/02/11 12:0 a.m.38 views

FreeBSD : jenkins -- DoS vulnerability in bundled XStream library (0b0ad196-1ee8-4a98-89b1-4d5d82af49a9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 advisory. - XStream is an open source java library to serialize objects to XML and back again. Versions...

7.5CVSS8.2AI score0.07934EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/02/10 12:0 a.m.30 views

DoS vulnerability in bundled XStream library in Jenkins Core

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerous others. This allows attackers able to submi...

7.5CVSS3.6AI score0.07934EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder