140 matches found
SUSE CVE-2016-0792
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...
SUSE CVE-2021-21350
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to set...
SUSE CVE-2022-40151
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
CVE-2022-40156
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
CVE-2022-40155
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
CVE-2022-40153
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
CVE-2022-40151
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization...
CVE-2022-40152
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service DoS in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
Denial Of Service (DoS)
XStream Core is vulnerable to denial of service. The vulnerability exist due to a stack overflow during the serialization of xml data which allows an attacker to parse malicious input causing an application crash...
Denial Of Service (DoS)
xstream is vulnerable to denial of service. The vulnerability exists due to the improper serialization of XML data in the processConverterAnnotations function in AnnotationMapper.java which allows an attacker to cause an application crash by providing malicious input through the parser...
CVE-2022-40151
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
CVE-2022-40151
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...