Lucene search
K

739 matches found

RedhatCVE
RedhatCVE
added 2021/08/25 6:58 p.m.57 views

CVE-2021-39140

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

6.5CVSS2.6AI score0.05918EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.69 views

XStream can cause a Denial of Service

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

6.5CVSS7.3AI score0.05918EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.317 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.16118EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04065EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.57 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.143EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.51 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8.8AI score0.04735EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:47 p.m.53 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5CVSS8.3AI score0.03437EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:46 p.m.50 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5CVSS8.3AI score0.11468EPSS
Exploits2References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:46 p.m.56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...

8.5CVSS8.8AI score0.04457EPSS
Exploits1References13Affected Software1
Veracode
Veracode
added 2021/08/24 6:59 a.m.31 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.03437EPSS
Exploits2References15Affected Software4
Veracode
Veracode
added 2021/08/24 6:48 a.m.34 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.04457EPSS
Exploits1References15Affected Software4
Veracode
Veracode
added 2021/08/24 6:43 a.m.25 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.04735EPSS
Exploits1References15Affected Software4
Veracode
Veracode
added 2021/08/24 6:32 a.m.83 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.98124EPSS
Exploits6References16Affected Software4
Veracode
Veracode
added 2021/08/24 6:27 a.m.43 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.16118EPSS
Exploits2References16Affected Software4
Veracode
Veracode
added 2021/08/24 6:15 a.m.43 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.8AI score0.16118EPSS
Exploits2References15Affected Software4
Veracode
Veracode
added 2021/08/24 2:36 a.m.30 views

Remote Code Execution (RCE)

xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure blacklist which does not cover all the excluded XStream security framework...

8.5CVSS2.7AI score0.04735EPSS
Exploits1References15Affected Software4
NVD
NVD
added 2021/08/23 7:15 p.m.22 views

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS0.11468EPSS
Exploits2References11
OSV
OSV
added 2021/08/23 7:15 p.m.2 views

DEBIAN-CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS7.2AI score0.11468EPSS
Exploits2References1
OSV
OSV
added 2021/08/23 7:15 p.m.30 views

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS6.8AI score0.11468EPSS
Exploits2References11
NVD
NVD
added 2021/08/23 7:15 p.m.16 views

CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS0.03437EPSS
Exploits2References11
Rows per page
Query Builder