Lucene search
K

20 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

9.1CVSS7AI score0.82136EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. However, users who followed the...

9.8CVSS7.8AI score0.76367EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libxstream-java

XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream contained type information at the time of unmarshaling, allowing new instances to be created based on those type information. An attacker...

7.5CVSS6.7AI score0.46666EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.2 views

SUSE CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

5.9CVSS7.5AI score0.77801EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2021/06/17 1:15 p.m.2 views

XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7.6AI score0.77801EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:15 p.m.5 views

XStream: arbitrary file deletion on the local host via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

7.5CVSS7.4AI score0.46666EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/06/17 1:14 p.m.9 views

XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS7.8AI score0.82136EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.3 views

XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS7.5AI score0.46826EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.4 views

XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5CVSS7.6AI score0.77801EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/05/26 9:49 p.m.10 views

XStream: ReDoS vulnerability

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.8CVSS7.5AI score0.13832EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/03/23 12:15 a.m.2 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the...

9.1CVSS6.2AI score0.82136EPSS
Exploits1References22Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/23 12:15 a.m.1 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS5.7AI score0.46826EPSS
Exploits1References21Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/23 12:15 a.m.1 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS6.3AI score0.15234EPSS
Exploits1References21Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/23 12:15 a.m.2 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

9.9CVSS5.9AI score0.72324EPSS
Exploits1References23Affected Software1
OSV
OSV
added 2021/03/23 12:15 a.m.6 views

UBUNTU-CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...

9.8CVSS7.2AI score0.15234EPSS
Exploits1References8
OSV
OSV
added 2021/03/23 12:15 a.m.6 views

UBUNTU-CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...

9.1CVSS6.8AI score0.4999EPSS
Exploits1References8
OSV
OSV
added 2021/03/23 12:15 a.m.8 views

UBUNTU-CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...

8.6CVSS6.8AI score0.46826EPSS
Exploits1References8
OSV
OSV
added 2021/03/23 12:15 a.m.10 views

UBUNTU-CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

7.5CVSS6.7AI score0.13832EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2021/03/12 12:0 a.m.3 views

PT-2021-4783 · Xstream +6 · Xstream +6

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used for serializing objects to XML and back. It may allow a remote attacker to load and execute arbitrary code from a remote host by...

10CVSS7.2AI score0.98124EPSS
Exploits39References213
Positive Technologies
Positive Technologies
added 2021/03/12 12:0 a.m.12 views

PT-2021-5145 · Xstream +5 · Xstream +5

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16 Description: The issue is related to the XStream Java library, which is used for serializing objects to XML and back again. It may allow a remote attacker to load and execute arbitrary code from a remote host ...

10CVSS7.1AI score0.98124EPSS
Exploits59References613
Rows per page
Query Builder