Lucene search
+L

783 matches found

RedHat Linux
RedHat Linux
added 2021/04/26 5:52 a.m.5 views

XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator

A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.6AI score0.14301EPSS
Exploits1References4
OSV
OSV
added 2021/03/23 12:15 a.m.3 views

DEBIAN-CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS7.2AI score0.46826EPSS
Exploits1References1
NVD
NVD
added 2021/03/23 12:15 a.m.21 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS0.76367EPSS
Exploits1References15
OSV
OSV
added 2021/03/23 12:15 a.m.1 views

DEBIAN-CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.8AI score0.76367EPSS
Exploits1References1
OSV
OSV
added 2021/03/23 12:15 a.m.9 views

DEBIAN-CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.1AI score0.7598EPSS
Exploits1References1
OSV
OSV
added 2021/03/23 12:15 a.m.2 views

DEBIAN-CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

9.9CVSS7.3AI score0.72324EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/03/23 12:15 a.m.1 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS6.3AI score0.15234EPSS
Exploits1References21Affected Software1
OSV
OSV
added 2021/03/23 12:15 a.m.7 views

UBUNTU-CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.2AI score0.14301EPSS
Exploits1References8
OSV
OSV
added 2021/03/23 12:15 a.m.16 views

UBUNTU-CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7AI score0.82136EPSS
Exploits1References8
OSV
OSV
added 2021/03/22 11:29 p.m.3 views

GHSA-QPFQ-PH7R-QV6F XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

6.1CVSS7.2AI score0.14301EPSS
Exploits1References17
OSV
OSV
added 2021/03/22 5:15 p.m.6 views

CVE-2021-27595

When a user opens manipulated Portable Document Format .PDF files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

3.3CVSS5.8AI score0.01384EPSS
Exploits0References2
OSV
OSV
added 2021/03/22 5:15 p.m.6 views

CVE-2021-27594

When a user opens manipulated Windows Bitmap .BMP files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

3.3CVSS5.8AI score0.00611EPSS
Exploits0References2
Prion
Prion
added 2021/03/22 5:15 p.m.15 views

Design/Logic Flaw

When a user opens manipulated Windows Bitmap .BMP files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

4.3CVSS4.2AI score0.00611EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.3 views

XStream 代码问题漏洞

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate a processed input stream and replac...

7.5CVSS8.2AI score0.77801EPSS
Exploits1References39
CNVD
CNVD
added 2021/03/15 12:0 a.m.9 views

XStream Code Execution Vulnerability (CNVD-2021-28328)

XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References1
OSV
OSV
added 2021/03/09 3:15 p.m.5 views

CVE-2021-27585

When a user opens manipulated Computer Graphics Metafile .CGM format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

7.8CVSS6.1AI score0.0137EPSS
Exploits0References4
OSV
OSV
added 2021/03/09 3:15 p.m.7 views

CVE-2021-27592

When a user opens manipulated Universal 3D .U3D files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

7.8CVSS6.1AI score0.01382EPSS
Exploits0References5
OSV
OSV
added 2021/03/09 3:15 p.m.2 views

CVE-2021-27587

When a user opens manipulated Jupiter Tessellation .JT format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

7.8CVSS5.8AI score0.0137EPSS
Exploits0References4
Prion
Prion
added 2021/03/09 3:15 p.m.18 views

Design/Logic Flaw

When a user opens manipulated Computer Graphics Metafile .CGM format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

6.8CVSS7.5AI score0.0137EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/03/09 2:8 p.m.26 views

CVE-2021-21493

When a user opens manipulated Graphics Interchange Format .GIF format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

4.3CVSS4.3AI score0.01398EPSS
Exploits0References18
Rows per page
Query Builder