140 matches found

Positive Technologies
added 2025/09/30 12:0 a.m. | 8 views

PT-2025-40006

Name of the Vulnerable Software and Affected Versions: NI Circuit Design Suite versions 14.3.1 and prior. Description: A memory corruption issue exists due to an out-of-bounds write within the XML Serialize function when utilizing the SymbolEditor component. Successful exploitation requires an...

CVSS 8.5 | AI score 7.3 | EPSS 0.00171
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/20 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-40151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may...

CVSS 7.5 | AI score 6.7 | EPSS 0.01022
Exploits: 1 | References: 3
Tenable Nessus
added 2025/08/19 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-41966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow...

CVSS 8.2 | AI score 6.8 | EPSS 0.08689
Exploits: 1 | References: 2
Tenable Nessus
added 2025/05/23 12:0 a.m. | 9 views

Atlassian Confluence 2.2.x < 8.5.21 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 (CONFSERVER-99568)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99568 advisory. - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the applicatio...

CVSS 7.5 | AI score 6.3 | EPSS 0.02015
Exploits: 0 | References: 2
RedHat Linux
added 2025/04/28 12:20 a.m. | 4 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 | AI score 7.2 | EPSS 0.19653
Exploits: 1 | References: 5
RedhatCVE
added 2024/11/08 10:29 p.m. | 22 views

CVE-2024-47072

A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application. Mitigation: Mitigation for this issue is either...

CVSS 7.5 | AI score 6.8 | EPSS 0.02015
Exploits: 0 | References: 6
Vulnrichment
added 2024/11/07 11:38 p.m. | 33 views

CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 7.7 | EPSS 0.02015
Exploits: 0 | References: 3
Debian CVE
added 2024/11/07 11:38 p.m. | 16 views

CVE-2024-47072

XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...

CVSS 7.5 | AI score 6.1 | EPSS 0.02015
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:48 p.m. | 6 views

Malicious code in array-xml-serialization (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0 | References: 1
OSV
added 2024/06/25 1:48 p.m. | 12 views

MAL-2024-6685 Malicious code in array-xml-serialization (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0 | References: 1
RedHat Linux
added 2024/03/18 9:47 a.m. | 2 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

CVSS 7.5 | AI score 7.3 | EPSS 0.01022
Exploits: 1 | References: 4
Fedora
added 2024/03/07 10:33 p.m. | 22 views

[SECURITY] Fedora 40 Update: xstream-1.4.20-6.fc40

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVSS 8.8 | AI score 6.6 | EPSS 0.02557
Exploits: 3
Amazon
added 2024/02/19 12:0 a.m. | 32 views

Medium: xstream

Issue Overview: Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.01022
Exploits: 1
Tenable Nessus
added 2024/02/19 12:0 a.m. | 39 views

Amazon Linux 2 : xstream (ALAS-2024-2464)

The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

CVSS 7.5 | AI score 7.6 | EPSS 0.01022
Exploits: 1 | References: 4
RedHat Linux
added 2023/06/15 3:23 p.m. | 6 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 | AI score 7.2 | EPSS 0.19653
Exploits: 1 | References: 5
RedHat Linux
added 2023/05/24 5:13 p.m. | 4 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 | AI score 7.2 | EPSS 0.19653
Exploits: 1 | References: 5
RedHat Linux
added 2023/05/03 2:5 p.m. | 3 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

AI score 7.3
Exploits: 0 | References: 4
Amazon
added 2023/04/04 12:0 a.m. | 44 views

Important: xstream

Issue Overview: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code...

CVSS 8.2 | AI score 7.2 | EPSS 0.08689
Exploits: 1
Tenable Nessus
added 2023/03/13 12:0 a.m. | 66 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : XStream vulnerabilities (USN-5946-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5946-1 advisory. Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked int...

CVSS 8.8 | AI score 8 | EPSS 0.9851
Exploits: 17 | References: 16
OSV
added 2023/03/08 3:40 p.m. | 4 views

SUSE-SU-2023:0679-1 Security update for woodstox

This update for woodstox fixes the following issues: - CVE-2022-40152: Fixed stack overflow in XML serialization bsc1203521...

CVSS 7.5 | AI score 7.7 | EPSS 0.19653
Exploits: 1 | References: 3