
4330 matches found

OSV
Added: 2021/08/23 7:15 p.m. | Views: 1

UBUNTU-CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 7 | EPSS 0.61765
Exploits: 2 | References: 5

Cvelist
Added: 2021/08/23 6:20 p.m. | Views: 22

CVE-2021-39150 A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 8.8 | EPSS 0.02139
Exploits: 2 | References: 11

Debian CVE
Added: 2021/08/23 6:20 p.m. | Views: 35

CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 8.6 | EPSS 0.02139
Exploits: 2

Cvelist
Added: 2021/08/23 6:20 p.m. | Views: 28

CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 8.8 | EPSS 0.61765
Exploits: 2 | References: 11

CVE
Added: 2021/08/23 6:20 p.m. | Views: 371

CVE-2021-39152

CVE-2021-39152 concerns the XStream Java XML serialization library. The vulnerability allows a remote attacker to request data from internal resources not publicly available by manipulating the processed input stream, impacting systems using affected XStream versions when running Java runtimes ar...

CVSS 8.5 | AI score 8.6 | EPSS 0.61765
In wild | Exploits: 2 | References: 11 | Affected Software: 1

Debian CVE
Added: 2021/08/23 6:20 p.m. | Views: 35

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5 | AI score 8.6 | EPSS 0.61765
Exploits: 2

NVD
Added: 2021/08/23 6:15 p.m. | Views: 21

CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of th...

CVSS 8.8 | EPSS 0.00739
Exploits: 0 | References: 11

UbuntuCve
Added: 2021/08/23 6:15 p.m. | Views: 30

CVE-2021-39153

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...

CVSS 8.5 | AI score 7.2 | EPSS 0.00625
Exploits: 1 | References: 4

Prion
Added: 2021/08/23 6:15 p.m. | Views: 28

Design/Logic Flaw

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...

CVSS 6 | AI score 8.8 | EPSS 0.00625
Exploits: 1 | References: 11 | Affected Software: 12

Cvelist
Added: 2021/08/23 5:55 p.m. | Views: 21

CVE-2021-39153 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime...

CVSS 8.5 | AI score 9.1 | EPSS 0.00625
Exploits: 1 | References: 11

CVE
Added: 2021/08/23 5:55 p.m. | Views: 322

CVE-2021-39153

CVE-2021-39153 affects XStream Java library. In affected releases, a remote attacker could load and execute arbitrary code by manipulating the processed input stream, when using XStream out of the box with certain Java runtimes (Java 14 to 8) or with JavaFX installed. The issue is tied to input-p...

CVSS 8.5 | AI score 8.9 | EPSS 0.00625
Exploits: 1 | References: 11 | Affected Software: 1

IBM Security Bulletins
Added: 2021/08/19 2:12 p.m. | Views: 32

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11, v12 (CVE-2020-27221)

Summary Vulnerabilities in IBM® SDK Java™ Technology, used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in January 2021. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a...

CVSS 9.8 | AI score 0.9 | EPSS 0.00727
Exploits: 0 | Affected Software: 1

VulnCheck KEV
Added: 2021/08/17 12:00 a.m. | Views: 0

VulnCheck KEV: CVE-2013-2460

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from...

CVSS 9.3 | AI score 7.5 | EPSS 0.90928
Exploits: 9 | References: 1

Cent OS
Added: 2021/08/11 4:31 p.m. | Views: 624

java security update

CentOS Errata and Security Advisory CESA-2021:2845 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 7.5 | AI score 6.8 | EPSS 0.00805
Exploits: 0 | References: 7

IBM Security Bulletins
Added: 2021/08/09 4:17 p.m. | Views: 20

Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java...

CVSS 4.3 | AI score 1.2 | EPSS 0.00144
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added: 2021/08/02 8:49 a.m. | Views: 44

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 8 Service Refresh 5 Fix Pack 17 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details If you run...

CVSS 10 | AI score 0.9 | EPSS 0.21835
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added: 2021/08/02 8:47 a.m. | Views: 44

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Spectrum Conductor with Spark 2.2.0 and 2.2.1. These issues were disclosed as part of the IBM Java SDK updates in April 2018...

CVSS 8.3 | AI score 0.6 | EPSS 0.00454
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added: 2021/08/02 8:43 a.m. | Views: 45

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony

Summary Multiple vulnerabilities exist in IBM® Runtime Environment Java™ versions, specifically Version 6 Service Refresh 16 Fix Pack 60 and earlier releases used by IBM Platform Symphony 6.1.1, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases used by IBM Platform Symphony 7.1 Fix Pa...

CVSS 8.3 | AI score 0.7 | EPSS 0.00454
Exploits: 0 | Affected Software: 2

RedHat Linux
Added: 2021/07/22 3:08 p.m. | Views: 117

Important: Red Hat Security Advisory: OpenJDK 11.0.12 Security Update for Windows Builds

The Red Hat Build of OpenJDK 11 java-11-openjdk is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.5 | AI score 6.8 | EPSS 0.00805
Exploits: 0 | References: 4

IBM Security Bulletins
Added: 2021/07/14 9:30 p.m. | Views: 66

Security Bulletin: Vulnerability in SSLv3 affects FileNet Content Manager, FileNet BPM and IBM Content Foundation (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is a configurable option in FileNet Content Manager and FileNet BPM products. If using SSLv3 with these products, please refer to the sections below to...

CVSS 4.3 | AI score 4.2 | EPSS 0.93538
Exploits: 5 | Affected Software: 2