140 matches found
PT-2025-40006
Name of the Vulnerable Software and Affected Versions NI Circuit Design Suite versions 14.3.1 and prior Description A memory corruption issue exists due to an out-of-bounds write within the XML Serialize function when utilizing the SymbolEditor component. Successful exploitation requires an...
Linux Distros Unpatched Vulnerability : CVE-2022-40151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may...
Linux Distros Unpatched Vulnerability : CVE-2022-41966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow...
Atlassian Confluence 2.2.x < 8.5.21 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 (CONFSERVER-99568)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99568 advisory. - XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the applicatio...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
CVE-2024-47072
A flaw was found in the XStream library. A remote attacker may trigger a denial of service by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. This issue may lead to the termination of the application. Mitigation Mitigation for this issue is either...
CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
CVE-2024-47072
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the...
Malicious code in array-xml-serialization (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6685 Malicious code in array-xml-serialization (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
[SECURITY] Fedora 40 Update: xstream-1.4.20-6.fc40
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
Medium: xstream
Issue Overview: Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
Amazon Linux 2 : xstream (ALAS-2024-2464)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
Important: xstream
Issue Overview: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : XStream vulnerabilities (USN-5946-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5946-1 advisory. Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked int...
SUSE-SU-2023:0679-1 Security update for woodstox
This update for woodstox fixes the following issues: - CVE-2022-40152: Fixed stack overflow in XML serialization bsc1203521...