CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

722 matches found

OSV•added 2021/03/23 12:15 a.m.•1 views

DEBIAN-CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...

9.8CVSS7.8AI score0.03665EPSS

Exploits1References1

OSV•added 2021/03/23 12:15 a.m.•21 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7.5AI score0.27312EPSS

Exploits1References15

NVD•added 2021/03/23 12:15 a.m.•14 views

CVE-2021-21344

9.8CVSS0.30602EPSS

Exploits1References15

NVD•added 2021/03/23 12:15 a.m.•25 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

9.9CVSS0.88091EPSS

Exploits1References16

OSV•added 2021/03/23 12:15 a.m.•27 views

CVE-2021-21345

9.9CVSS9.6AI score0.88091EPSS

Exploits1References16

OSV•added 2021/03/23 12:15 a.m.•18 views

CVE-2021-21344

9.8CVSS9.7AI score0.30602EPSS

Exploits1References15

NVD•added 2021/03/23 12:15 a.m.•16 views

CVE-2021-21346

9.8CVSS0.03665EPSS

Exploits1References15

OSV•added 2021/03/23 12:15 a.m.•23 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS7.4AI score0.00623EPSS

Exploits1References15

ATTACKERKB•added 2021/03/23 12:15 a.m.•1 views

CVE-2021-21344

9.8CVSS6.2AI score0.30602EPSS

Exploits1References21Affected Software1

Prion•added 2021/03/23 12:15 a.m.•24 views

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

5CVSS9AI score0.06747EPSS

Exploits1References15Affected Software14

OSV•added 2021/03/23 12:15 a.m.•2 views

UBUNTU-CVE-2021-21343

7.5CVSS6.8AI score0.00623EPSS

Exploits1References8

ATTACKERKB•added 2021/03/23 12:15 a.m.•0 views

CVE-2021-21342

9.1CVSS5.7AI score0.00869EPSS

Exploits1References21Affected Software1

ATTACKERKB•added 2021/03/23 12:15 a.m.•1 views

CVE-2021-21347

9.8CVSS6.2AI score0.03287EPSS

Exploits1References21Affected Software1

Prion•added 2021/03/23 12:15 a.m.•21 views

Design/Logic Flaw

6.5CVSS9.4AI score0.88091EPSS

Exploits1References16Affected Software13

Prion•added 2021/03/23 12:15 a.m.•30 views

Default configuration

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

7.5CVSS9.6AI score0.08761EPSS

Exploits1References15Affected Software13

Prion•added 2021/03/23 12:15 a.m.•22 views

Arbitrary file deletion

5CVSS8.2AI score0.00623EPSS

Exploits1References15Affected Software12