Lucene search
K

21 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 12:43 p.m.28 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks

Summary XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service attacks DoS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by causing a stackoverflow. This effect may support a denial of service...

8.2CVSS7.5AI score0.08689EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.26 views

Oracle WebCenter Sites (Jul 2023 CPU)

The 12.2.1.4.0 version of WebCenter Sites installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites XStream. The supported version...

8.2CVSS7AI score0.10608EPSS
Exploits2References4
NCSC
NCSC
added 2023/07/19 12:0 a.m.42 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

9.8CVSS7.9AI score0.99615EPSS
Exploits34
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 3:13 p.m.28 views

Security Bulletin: Vulnerability in XStream affects IBM Process Mining . CVE-2022-41966

Summary There is a vulnerability in XStream that could allow a remote attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream i...

8.2CVSS7.7AI score0.08689EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/21 12:0 a.m.43 views

Oracle Enterprise Manager Ops Center (Apr 2023 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by a DoS vulnerability in XStream component as referenced in the April 2023 CPU advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to...

8.2CVSS7.1AI score0.08689EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/03/30 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2023:1673-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS8AI score0.08689EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xstream (SUSE-SU-2023:1673-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1673-1 advisory. - Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. I...

8.2CVSS7.3AI score0.08689EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2023/03/16 9:31 a.m.55 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update

Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS6.7AI score0.08689EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2023/03/09 10:47 a.m.51 views

Important: Red Hat Security Advisory: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update

Red Hat Integration Camel Extensions for Quarkus 2.7-1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scori...

8.2CVSS6.7AI score0.08689EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2023/02/16 11:56 a.m.48 views

CVE-2022-41966

A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow...

7.5CVSS4.6AI score0.08689EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/08 6:56 a.m.45 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to All XStream (Publicly disclosed vulnerability) (CVE-2022-41966)

Summary IBM Jazz for Service Management is vulnerable to to All XStream Publicly disclosed vulnerability . XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of...

8.2CVSS7.7AI score0.08689EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 6:27 p.m.36 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at...

8.2CVSS7.5AI score0.08689EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/16 12:0 a.m.94 views

FreeBSD : security/keycloak -- Multiple possible DoS attacks (9d9e9439-959e-11ed-b464-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9e9439-959e-11ed-b464-b42e991fc52e advisory. - Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS...

8.2CVSS7.2AI score0.08689EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/01/16 12:0 a.m.48 views

Debian dla-3267 : libxstream-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3267 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS6.9AI score0.08689EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.40 views

Debian DSA-5315-1 : libxstream-java - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5315 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow...

8.2CVSS7AI score0.08689EPSS
Exploits1References6
Debian
Debian
added 2023/01/11 10:54 p.m.41 views

[SECURITY] [DLA 3267-1] libxstream-java security update

Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 11, 2023 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb10u4 CVE ID : CVE-2022-41966 Debian Bug : 1027754 XStream serializes Java objects to XML a...

8.2CVSS6.8AI score0.08689EPSS
Exploits1
Debian
Debian
added 2023/01/11 10:35 p.m.40 views

[SECURITY] [DSA 5315-1] libxstream-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5315-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...

8.2CVSS8AI score0.08689EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/12/29 1:48 a.m.7 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +7677 more potentially affected by CVE-2022-41966 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.2)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =1.1.0 - be.ordina:microservices-dashboard-server =1.0.1 and more Source cves: CVE-2022-41966 Source...

8.2CVSS6.4AI score0.08689EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/12/29 1:48 a.m.76 views

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

8.2CVSS7.7AI score0.08689EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/27 11:7 p.m.31 views

CVE-2022-41966 XStream Denial of Service via stack overflow

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

8.2CVSS6.7AI score0.08689EPSS
Exploits1References5
Rows per page
Query Builder