Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

731 matches found

Debian CVE
Debian CVEadded 2021/03/22 11:45 p.m.20 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS7.7AI score0.14201EPSS
Exploits0
Debian CVE
Debian CVEadded 2021/03/22 11:45 p.m.28 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS8.3AI score0.15638EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:45 p.m.23 views

CVE-2021-21351 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

5.4CVSS9.9AI score0.82552EPSS
Exploits1References15
Debian CVE
Debian CVEadded 2021/03/22 11:45 p.m.28 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS8.4AI score0.82552EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.23 views

CVE-2021-21341 XStream can cause a Denial of Service

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS8.7AI score0.77883EPSS
Exploits1References15
CVE
CVEadded 2021/03/22 11:40 p.m.489 views

CVE-2021-21342

CVE-2021-21342 affects the Java library XStream (prior to 1.4.16). During unmarshalling, the processed input stream can include type information used to recreate objects, enabling an attacker to inject/replace objects and trigger a server-side forgery. The documented fix is to upgrade to at least...

9.1CVSS7.3AI score0.50145EPSS
Exploits1References15Affected Software1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.31 views

CVE-2021-21343 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

5.3CVSS8.6AI score0.47594EPSS
Exploits1References15
Debian CVE
Debian CVEadded 2021/03/22 11:40 p.m.32 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS6.8AI score0.47594EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.22 views

CVE-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

5.3CVSS9.9AI score0.76512EPSS
Exploits1References15
Debian CVE
Debian CVEadded 2021/03/22 11:40 p.m.24 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.5AI score0.76512EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.19 views

CVE-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

5.8CVSS9.8AI score0.7295EPSS
Exploits1References16
Debian CVE
Debian CVEadded 2021/03/22 11:40 p.m.37 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

9.9CVSS7.8AI score0.7295EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.19 views

CVE-2021-21346 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

6.1CVSS9.9AI score0.7689EPSS
Exploits1References15
Debian CVE
Debian CVEadded 2021/03/22 11:40 p.m.29 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.2AI score0.7689EPSS
Exploits1
Cvelist
Cvelistadded 2021/03/22 11:40 p.m.24 views

CVE-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

6.1CVSS9.9AI score0.14683EPSS
Exploits1References15
Debian CVE
Debian CVEadded 2021/03/22 11:40 p.m.29 views

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS8.2AI score0.14683EPSS
Exploits1
Github Security Blog
Github Security Blogadded 2021/03/22 11:29 p.m.53 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

9.1CVSS1.4AI score0.82552EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blogadded 2021/03/22 11:29 p.m.74 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

9.8CVSS3AI score0.15638EPSS
Exploits1References17Affected Software1
OSV
OSVadded 2021/03/22 11:29 p.m.0 views

GHSA-43GC-MJXG-GVRQ XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. Patches If you rely on...

5.3CVSS7.2AI score0.15638EPSS
Exploits1References17
Github Security Blog
Github Security Blogadded 2021/03/22 11:29 p.m.54 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the...

8.6CVSS0.4AI score0.47754EPSS
Exploits1References17Affected Software1
Rows per page
Query Builder