CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

731 matches found

UbuntuCve•added 2021/03/23 12:15 a.m.•28 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.2AI score0.7689EPSS

Exploits1References7

UbuntuCve•added 2021/03/23 12:15 a.m.•29 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7AI score0.77883EPSS

Exploits1References7

UbuntuCve•added 2021/03/23 12:15 a.m.•31 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS6.9AI score0.47594EPSS

Exploits1References7

UbuntuCve•added 2021/03/23 12:15 a.m.•26 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS6.7AI score0.14201EPSS

Exploits0References7

UbuntuCve•added 2021/03/23 12:15 a.m.•29 views

CVE-2021-21342

9.1CVSS6.9AI score0.50145EPSS

Exploits1References7

Prion•added 2021/03/23 12:15 a.m.•19 views

Design/Logic Flaw

5.8CVSS9.2AI score0.50145EPSS

Exploits1References15Affected Software12

Prion•added 2021/03/23 12:15 a.m.•24 views

Design/Logic Flaw

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

6.5CVSS9.4AI score0.7295EPSS

Exploits1References16Affected Software13

Prion•added 2021/03/23 12:15 a.m.•20 views

Design/Logic Flaw

7.5CVSS9.5AI score0.14683EPSS

Exploits1References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•27 views

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

5CVSS9AI score0.47754EPSS

Exploits1References15Affected Software14

Prion•added 2021/03/23 12:15 a.m.•23 views

Arbitrary file deletion

5CVSS8.2AI score0.47594EPSS

Exploits1References15Affected Software12

Prion•added 2021/03/23 12:15 a.m.•17 views

Design/Logic Flaw

7.5CVSS9.5AI score0.76512EPSS

Exploits1References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•20 views

Default configuration

7.8CVSS8.3AI score0.14201EPSS

Exploits0References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•25 views

Design/Logic Flaw

7.5CVSS9.5AI score0.7689EPSS

Exploits1References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•32 views

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

7.5CVSS9.6AI score0.15638EPSS

Exploits1References15Affected Software13