CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

722 matches found

OSV•added 2021/05/15 11:2 a.m.•1 views

OESA-2021-1185 xstream security update

Security Fixes: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the...

9.9CVSS7.8AI score0.92EPSS

Exploits10References12

RedhatCVE•added 2021/03/24 4:32 p.m.•28 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS3.7AI score0.06747EPSS

Exploits1References3

RedhatCVE•added 2021/03/24 4:31 p.m.•37 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS3.7AI score0.00256EPSS

Exploits0References3

RedhatCVE•added 2021/03/24 4:25 p.m.•30 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS5AI score0.92EPSS

Exploits1References3

RedhatCVE•added 2021/03/24 2:23 p.m.•29 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS4.1AI score0.302EPSS

Exploits1References3

Veracode•added 2021/03/23 7:1 a.m.•28 views

Remote Code Execution

xstream is vulnerable to remote code execution. The vulnerability exists because it relies on XStream's default blacklist of the Security Framework, allowing an attacker to manipulate the processed input stream and replace or inject objects, that result in execution of arbitrary code loaded from ...

9.8CVSS4.5AI score0.03287EPSS

Exploits1References22Affected Software5

OSV•added 2021/03/23 12:15 a.m.•1 views

DEBIAN-CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.8AI score0.03287EPSS

Exploits1References1

OSV•added 2021/03/23 12:15 a.m.•26 views

CVE-2021-21347

9.8CVSS9.7AI score0.03287EPSS

Exploits1References15

OSV•added 2021/03/23 12:15 a.m.•27 views

CVE-2021-21348

7.5CVSS7.5AI score0.00256EPSS

Exploits0References15

NVD•added 2021/03/23 12:15 a.m.•14 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS0.08761EPSS

Exploits1References15

NVD•added 2021/03/23 12:15 a.m.•14 views

CVE-2021-21349

8.6CVSS0.06747EPSS

Exploits1References15

OSV•added 2021/03/23 12:15 a.m.•1 views

DEBIAN-CVE-2021-21350

9.8CVSS7.9AI score0.08761EPSS

Exploits1References1

OSV•added 2021/03/23 12:15 a.m.•1 views

DEBIAN-CVE-2021-21351