NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Vulnerability (NS-SA-2021-0095)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Vulnerability (NS-SA-2021-0179)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Multiple Vulnerabilities (NS-SA-2021-0108)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by multiple vulnerabilities: - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a...

Oracle Linux 7 : xstream (ELSA-2021-3956)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3956 advisory. - Resolves: CVE-2021-39148 - Resolves: CVE-2021-39139 - Resolves: CVE-2021-39140 - Resolves: CVE-2021-39141 - Resolves: CVE-2021-39144 - Resolves:...

xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

worldcastsystems.com Open Redirect vulnerability OBB-2153799

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Debian DLA-2769-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2769 advisory. - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute...

APACHE SHIRO authentication bypass vulnerability

Apache Shiro is a powerful and easy-to-use Java security framework with features including authentication, authorization, encryption and session management.APACHE SHIRO authentication bypass vulnerability can be exploited by attackers to construct specific HTTP requests to bypass authentication a...

Remote Code Execution (RCE)

XStream is vulnerable to remote code execution. A remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minim...

SLSA - Supply-chain Levels For Software Artifacts

SLSA pronounced "salsa" is security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity. The best way to read about SLSA is to visitslsa.dev. What's in this repo? The primary content of this...

Improper Certificate Validation in security-framework

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...

GHSA-JQQR-C2R2-9CVR Improper Certificate Validation in security-framework

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

XStream can cause a Denial of Service

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...