8 matches found
CVE-2018-18240
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...
EUVD-2020-0471
Malware in sbrugna...
Security update for ignition
This update for ignition fixes the following issues: CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input bsc1248548 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Linux Distros Unpatched Vulnerability : CVE-2014-0792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to...
XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
GHSA-7HWC-46RM-65JH Denial of service in XStream
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...
XStream: DoS when unmarshalling void type
It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker coul...