Lucene search
K

140 matches found

RedhatCVE
RedhatCVE
added 2022/02/02 5:17 p.m.48 views

CVE-2021-43859

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

7.5CVSS4.2AI score0.07934EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/01 12:8 p.m.33 views

CVE-2021-43859 Denial of Service by injecting highly recursive collections or maps in XStream

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...

7.5CVSS7.7AI score0.07934EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2022/01/26 4:33 p.m.5 views

xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS7.7AI score0.16118EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/01/26 4:33 p.m.8 views

xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

8.5CVSS7.4AI score0.03437EPSS
Exploits2References5
Fedora
Fedora
added 2021/10/29 11:18 p.m.41 views

[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.9CVSS0.4AI score0.98124EPSS
Exploits34
RedHat Linux
RedHat Linux
added 2021/10/25 6:54 a.m.79 views

Important: Red Hat Security Advisory: xstream security update

An update for xstream is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.8CVSS7.5AI score0.98124EPSS
Exploits16References15
OpenVAS
OpenVAS
added 2021/10/21 12:0 a.m.36 views

Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.9CVSS8AI score0.98124EPSS
Exploits34References4
Fedora
Fedora
added 2021/10/12 11:47 p.m.69 views

[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.9CVSS0.4AI score0.98124EPSS
Exploits34
Fedora
Fedora
added 2021/10/12 11:45 p.m.66 views

[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.9CVSS0.4AI score0.98124EPSS
Exploits34
OSV
OSV
added 2021/09/08 11:3 a.m.2 views

OESA-2021-1337 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

8.8CVSS7.8AI score0.98124EPSS
Exploits16References15
RedhatCVE
RedhatCVE
added 2021/08/25 8:10 p.m.34 views

CVE-2021-39153

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...

8.5CVSS4.5AI score0.04457EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/08/23 7:15 p.m.49 views

CVE-2021-39152

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2021/08/23 6:20 p.m.35 views

CVE-2021-39150

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS8.6AI score0.03437EPSS
Exploits2
Cvelist
Cvelist
added 2021/08/23 6:20 p.m.42 views

CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5CVSS8.8AI score0.11468EPSS
Exploits2References11
NVD
NVD
added 2021/08/23 6:15 p.m.14 views

CVE-2021-39147

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS0.04735EPSS
Exploits1References11
OSV
OSV
added 2021/08/23 6:15 p.m.41 views

CVE-2021-39141

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS7.7AI score0.16118EPSS
Exploits2References11
NVD
NVD
added 2021/08/23 6:15 p.m.21 views

CVE-2021-39145

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS0.04065EPSS
Exploits0References11
NVD
NVD
added 2021/08/23 6:15 p.m.33 views

CVE-2021-39146

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS0.143EPSS
Exploits0References11
OSV
OSV
added 2021/08/23 6:15 p.m.23 views

CVE-2021-39148

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS7.7AI score0.04735EPSS
Exploits1References11
Prion
Prion
added 2021/08/23 6:15 p.m.24 views

Code injection

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

6CVSS8.7AI score0.04065EPSS
Exploits0References11Affected Software14
Rows per page
Query Builder