[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

Linux jss 安全漏洞

ruby-jss is a Ruby framework for interacting with the JAMF Software Server JSS REST API. A security vulnerability exists in Linux jss that stems from a memory leak in a software TLS connection leading to an object serialization issue...

GHSA-6R7C-6W96-8PVW Remote Code Execution in AjaxNetProfessional

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. Description Serialization is a process of converting an object into a sequence of...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows a hacker to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause a service failure by consuming excessive resources on the central processor...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...

[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVE-2021-39148

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

UBUNTU-CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

CVE-2021-21979

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...

Design/Logic Flaw

In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

Remote Code Execution

Overview serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This...

[SECURITY] Fedora 32 Update: PyYAML-5.3.1-1.fc32

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

Deserialization of untrusted data

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

Fedora Update for PyYAML FEDORA-2019-bed9afe622

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2016-9498

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...