Amazon Linux 2 : xstream (ALAS-2021-1729)

The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1729 advisory. A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote...

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

hellosushi.co Cross Site Scripting vulnerability OBB-2286932

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

XStream: arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

CISA has announced the joint National Security Agency NSA and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known ...

Debian DSA-5004-1 : libxstream-java - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5004 advisory. Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow...

Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications

Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks in addition to the generic ones for web, trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Vulnerability (NS-SA-2021-0095)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

NewStart CGSL CORE 5.05 / MAIN 5.05 : xstream Vulnerability (NS-SA-2021-0179)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has xstream packages installed that are affected by a vulnerability: - XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Multiple Vulnerabilities (NS-SA-2021-0108)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by multiple vulnerabilities: - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a...

Oracle Linux 7 : xstream (ELSA-2021-3956)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3956 advisory. - Resolves: CVE-2021-39148 - Resolves: CVE-2021-39139 - Resolves: CVE-2021-39140 - Resolves: CVE-2021-39141 - Resolves: CVE-2021-39144 - Resolves:...

xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by...

worldcastsystems.com Open Redirect vulnerability OBB-2153799

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Debian DLA-2769-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2769 advisory. - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute...

APACHE SHIRO authentication bypass vulnerability

Apache Shiro is a powerful and easy-to-use Java security framework with features including authentication, authorization, encryption and session management.APACHE SHIRO authentication bypass vulnerability can be exploited by attackers to construct specific HTTP requests to bypass authentication a...