14 matches found

Cvelist
added 2026/04/22 4:7 p.m. | 25 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4 | EPSS 0.00023
Exploits: 0 | References: 2

VulnCheck KEV
added 2026/02/14 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 7.4 | EPSS 0.61765
In wild | Exploits: 2 | References: 2

OSV
added 2025/12/03 2:35 p.m. | 2 views

BIT-ACTIVEMQ-2021-21346 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

CVSS 9.8 | AI score 8.2 | EPSS 0.03665
Exploits: 1 | References: 16

CNVD
added 2022/11/25 12:0 a.m. | 35 views

PostgreSQL JDBC Driver Information Disclosure Vulnerability

PostgreSQL JDBC Driver is an open source JDBC driver written in pure Java (Type 4) for communication in the PostgreSQL native network protocol. An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...

CVSS 5.5 | AI score 5.1 | EPSS 0.00082
Exploits: 1 | References: 1

Veracode
added 2022/10/06 4:0 a.m. | 29 views

Denial Of Service (DoS)

protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...

CVSS 7.5 | AI score 7.4 | EPSS 0.0011
Exploits: 0 | References: 15 | Affected Software: 2

CNNVD
added 2022/02/20 12:0 a.m. | 0 views

Alluxio Security Vulnerability

Alluxio is Alluxio's to improve the speed of end-to-end distributed machine learning in the cloud. A security vulnerability exists in versions prior to Alluxio 2.7.3, which stems from the failure of the log server to validate input streams. No details of the vulnerability are currently available...

CVSS 9.8 | AI score 5.5 | EPSS 0.00504
Exploits: 338 | References: 3

OSV
added 2022/02/01 12:15 p.m. | 0 views

UBUNTU-CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

CVSS 7.5 | AI score 7.4 | EPSS 0.01863
Exploits: 1 | References: 5

CNNVD
added 2022/01/29 12:0 a.m. | 1 views

XStream Resource Management Error Vulnerability

XStream is a lightweight, easy-to-use, open source Java class library from the XStream team that is primarily used to serialize objects to, or deserialize them from, XML or JSON. XStream suffers from a Resource Management Error vulnerability that allows a remote attacker to exploit the vulnerability b...

CVSS 7.5 | AI score 8.2 | EPSS 0.01863
Exploits: 1 | References: 24

RedHat Linux
added 2021/11/23 10:34 a.m. | 3 views

XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader

A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 9.8 | AI score 7.6 | EPSS 0.08761
Exploits: 1 | References: 4

OSV
added 2021/08/25 2:47 p.m. | 0 views

GHSA-H7V4-7XG3-HXCC XStream is vulnerable to an Arbitrary Code Execution attack

Impact: The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 7.5 | EPSS 0.00708
Exploits: 1 | References: 13

NVD
added 2021/08/23 6:15 p.m. | 15 views

CVE-2021-39153

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...

CVSS 8.5 | EPSS 0.00625
Exploits: 1 | References: 11

CNNVD
added 2021/03/22 12:0 a.m. | 1 views

XStream Code Issue Vulnerability

XStream is a simple Java-based library that serializes Java objects to XML and vice versa, i.e. Java objects and XML documents can easily be converted to each other. XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...

CVSS 8.6 | AI score 8.2 | EPSS 0.06747
Exploits: 1 | References: 44

CNNVD
added 2021/03/22 12:0 a.m. | 1 views

XStream Code Issue Vulnerability

XStream is a simple Java-based library that serializes Java objects to XML and vice versa, i.e. Java objects and XML documents can easily be converted to each other. XStream has a code execution vulnerability that an attacker can exploit to manipulate the processed input stream and replace or inject...

CVSS 9.8 | AI score 9 | EPSS 0.08761
Exploits: 1 | References: 47

FreeBSD
added 2005/01/01 12:0 a.m. | 28 views

mpg123 -- buffer overflow vulnerability

Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in input streams. This vulnerability can potentially lead to execution of arbitrary code with the permissions of the user running mpg123, if the user runs mpg123 on a specially crafted MP2 or MP3 file...

CVSS 7.5 | AI score 7.1 | EPSS 0.05027
Exploits: 0