739 matches found

OSV
added 2021/03/22 11:27 p.m. · 2 views

GHSA-2P3X-QW9C-25HH XStream can cause a Denial of Service.

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

7.5 CVSS · 7.1 AI score · 0.77801 EPSS
Exploits 1 · References 17
Positive Technologies
added 2021/03/12 12:00 a.m. · 7 views

PT-2021-4787 · Xstream +6

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue concerns a Java library used to serialize objects to XML and back again. It may allow a remote attacker to execute arbitrary code by manipulating the processed input stream. Users who se...

10 CVSS · 7.3 AI score · 0.98124 EPSS
Exploits 39 · References 217
Positive Technologies
added 2021/03/12 12:00 a.m. · 6 views

PT-2021-4767 · Xstream +4

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used to serialize objects to XML and back again. A vulnerability may allow a remote attacker to request data from internal resources that...

9.9 CVSS · 6.4 AI score · 0.98124 EPSS
Exploits 39 · References 203
Positive Technologies
added 2021/03/12 12:00 a.m. · 6 views

PT-2021-5333 · Xstream +4

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the deserialization mechanism in the XStream Java library, which is used for converting objects to XML or JSON formats. An attacker can exploit this by manipulating the inp...

9.9 CVSS · 6.5 AI score · 0.98124 EPSS
Exploits 39 · References 206
Positive Technologies
added 2021/03/12 12:00 a.m. · 7 views

PT-2021-4766 · Xstream +5

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue concerns a Java library used for serializing objects to XML and back. It may allow a remote attacker to occupy a thread, causing it to consume maximum CPU time and never return. Users wh...

10 CVSS · 6.4 AI score · 0.98124 EPSS
Exploits 59 · References 614
Ubuntu
added 2021/02/18 8:35 p.m. · 119 views

USN-4740-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms...

9.8 CVSS · 8.2 AI score · 0.24436 EPSS
Exploits 1
OSV
added 2021/02/04 11:02 a.m. · 6 views

OESA-2021-1015 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

7.7 CVSS · 6.7 AI score · 0.82392 EPSS
Exploits 7 · References 3
Tenable Nessus
added 2021/02/02 12:00 a.m. · 227 views

Oracle WebCenter Portal Multiple Vulnerabilities (Jan 2021 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2021 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware...

9.8 CVSS · 6.4 AI score · 0.28839 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2021/01/26 12:00 a.m. · 40 views

Amazon Linux 2 : xstream (ALAS-2021-1593)

The version of xstream installed on the remote host is prior to 1.3.1-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1593 advisory. A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list,...

9.3 CVSS · 7.5 AI score · 0.85001 EPSS
Exploits 7 · References 3
GithubExploit
added 2021/01/22 8:44 a.m. · 120 views

Exploit for Server-Side Request Forgery in Apache Struts

Description XStream is a Java library to serialize objects t...

7.7 CVSS · 7.3 AI score · 0.82238 EPSS
Exploits 4
Github Security Blog
added 2020/12/21 4:28 p.m. · 147 views

Server-Side Forgery Request can be activated unmarshalling with XStream

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

7.7 CVSS · 8.3 AI score · 0.82238 EPSS
Exploits 4 · References 15 · Affected Software 1
OSV
added 2020/12/21 4:28 p.m. · 1 views

GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

6.3 CVSS · 6.9 AI score · 0.82238 EPSS
Exploits 4 · References 15
Github Security Blog
added 2020/12/21 4:28 p.m. · 131 views

XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

6.8 CVSS · 8.4 AI score · 0.82392 EPSS
Exploits 5 · References 11 · Affected Software 1
OSV
added 2020/12/21 4:28 p.m. · 2 views

GHSA-JFVX-7WRX-43FH XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

6.8 CVSS · 6.9 AI score · 0.82392 EPSS
Exploits 5 · References 11
RedhatCVE
added 2020/12/17 8:48 p.m. · 47 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

9.8 CVSS · 0.1 AI score · 0.84362 EPSS
Exploits 11 · References 3
Veracode
added 2020/12/17 4:12 a.m. · 40 views

Arbitrary File Deletion

xstream is vulnerable to arbitrary file deletion. XStream's default blacklist of the Security Framework does not blacklist the internal JAX-WS type ReadAllStream.FileStream and therefore allows the deserialization of XML containing that untrusted type, subsequently leading to an arbitrary file...

6.8 CVSS · 1.8 AI score · 0.82392 EPSS
Exploits 5 · References 14 · Affected Software 3
NVD
added 2020/12/16 1:15 a.m. · 33 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

6.8 CVSS · 7.1 AI score · 0.82392 EPSS
Exploits 5 · References 9
OSV
added 2020/12/16 1:15 a.m. · 35 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

6.8 CVSS · 9.2 AI score · 0.82392 EPSS
Exploits 5 · References 9
OSV
added 2020/12/16 1:15 a.m. · 4 views

DEBIAN-CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

6.8 CVSS · 6.8 AI score · 0.82392 EPSS
Exploits 5 · References 1
UbuntuCve
added 2020/12/16 1:15 a.m. · 40 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host as long as the executin...

6.8 CVSS · 6.8 AI score · 0.82392 EPSS
Exploits 5 · References 6