Lucene search
K

291 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.5 views

SUSE CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.4CVSS7.4AI score0.4999EPSS
Exploits1References7
OSV
OSV
added 2023/02/13 4:0 p.m.13 views

GO-2023-1535 Panic during unmarshal of Server Hello in github.com/pion/dtls/v2

Unmarshalling a Server Hello can panic, which could allow a denial of service...

7.1AI score
Exploits0References1
OSV
OSV
added 2023/02/13 4:0 p.m.8 views

GO-2023-1534 Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Unmarshalling a Hello Verify request can panic, which could allow a denial of service...

7.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/12/29 1:48 a.m.76 views

XStream can cause Denial of Service via stack overflow

Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

8.2CVSS7.7AI score0.08689EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/02 12:0 a.m.42 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2683)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request...

7.5CVSS7.3AI score0.02593EPSS
Exploits7References14
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.6 views

gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...

8.6CVSS7.2AI score0.03478EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/08/16 7:0 a.m.2 views

Stack exhaustion when unmarshaling certain documents in encoding/xml

...

7.5CVSS7.4AI score0.01618EPSS
Exploits0
OSV
OSV
added 2022/07/29 8:0 p.m.26 views

GO-2022-0379 Type confusion in github.com/docker/distribution

Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. A maliciously crafted OCI Container Image can cause registry clients to parse the same image in two different ways without modifying the image's digest, invalidating the common pattern of relying o...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2022/07/20 8:52 p.m.2 views

Uncontrolled Recursion

Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to...

8.7CVSS6.9AI score0.01618EPSS
Exploits0References3
Fedora
Fedora
added 2022/07/17 1:15 a.m.45 views

[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35

Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...

9.3CVSS8.9AI score0.0995EPSS
Exploits4
OSV
OSV
added 2022/05/14 2:37 a.m.43 views

GHSA-HGJR-XWJ3-JFVW JBoss RESTEasy vulnerable to Improper Input Validation

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

8.1CVSS8.1AI score0.06179EPSS
Exploits0References18
Github Security Blog
Github Security Blog
added 2022/05/14 2:37 a.m.52 views

JBoss RESTEasy vulnerable to Improper Input Validation

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions...

8.1CVSS7.4AI score0.06179EPSS
Exploits0References18Affected Software1
OSV
OSV
added 2022/05/13 1:19 a.m.90 views

GHSA-H892-X453-86WC Pippo RCE Vulnerability

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

9.8CVSS9.8AI score0.03653EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:19 a.m.27 views

Pippo RCE Vulnerability

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

9.8CVSS7.9AI score0.03653EPSS
Exploits1References4Affected Software2
RedHat Linux
RedHat Linux
added 2022/04/07 6:2 p.m.4 views

gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...

8.6CVSS7.2AI score0.03478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/23 8:22 a.m.1 views

XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS7.5AI score0.46826EPSS
Exploits1References4
OSV
OSV
added 2022/03/02 11:15 p.m.2 views

DEBIAN-CVE-2021-3623

A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to...

6.1CVSS6.7AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2022/02/01 12:48 a.m.14 views

GHSA-RMR5-CPV2-VGJF Denial of Service by injecting highly recursive collections or maps in XStream

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.19 monitors and accumulates the...

7.5CVSS7.4AI score0.07934EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.6 views

XStream: arbitrary file deletion on the local host when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

6.8CVSS7.5AI score0.82392EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.5 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS7.4AI score0.4999EPSS
Exploits1References4
Rows per page
Query Builder