Lucene search
+L

88 matches found

OSV
OSV
added 2021/03/23 12:15 a.m.7 views

UBUNTU-CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.2AI score0.14301EPSS
Exploits1References8
OSV
OSV
added 2021/03/22 11:29 p.m.2 views

GHSA-QPFQ-PH7R-QV6F XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

6.1CVSS7.2AI score0.14301EPSS
Exploits1References17
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.3 views

XStream 代码问题漏洞

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate a processed input stream and replac...

7.5CVSS8.2AI score0.77801EPSS
Exploits1References39
CNVD
CNVD
added 2021/03/15 12:0 a.m.8 views

XStream Code Execution Vulnerability (CNVD-2021-28328)

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References1
OSV
OSV
added 2021/01/28 8:38 p.m.13 views

USN-4714-1 libxstream-java vulnerabilities

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. CVE-2020-26217 It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...

9.3CVSS6.9AI score0.85001EPSS
Exploits11References4
OSV
OSV
added 2020/11/16 9:15 p.m.3 views

DEBIAN-CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...

8.8CVSS7.3AI score0.85001EPSS
Exploits7References1
OSV
OSV
added 2020/05/29 4:15 p.m.5 views

UBUNTU-CVE-2020-11017

In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0...

6.5CVSS7AI score0.01843EPSS
Exploits0References3
OSV
OSV
added 2019/05/15 5:29 p.m.5 views

UBUNTU-CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

9.8CVSS7.2AI score0.84362EPSS
Exploits5References6
Rows per page
Query Builder