
11 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6180

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.0603
Exploits: 0 | References: 6

Tenable Nessus
added 2024/07/18 12:0 a.m. | 27 views

Atlassian Jira Service Management Data Center and Server < 5.4.18 / 5.5.x < 5.8.0 / 5.12.0 (JSDSERVER-15436)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15436 advisory. - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote...

CVSS 8.2 | AI score 7.1 | EPSS 0.02382
Exploits: 1 | References: 2

IBM Security Bulletins
added 2023/10/10 12:43 p.m. | 25 views

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to Denial of Service (DoS) attacks

Summary: XStream is used in ITNCM to serialize XML data and may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by causing a stack overflow. This effect may support a denial of service...

CVSS 8.2 | AI score 7.5 | EPSS 0.02382
Exploits: 1 | Affected Software: 1

Debian
added 2023/01/11 10:35 p.m. | 35 views

[SECURITY] [DSA 5315-1] libxstream-java security update

Debian Security Advisory DSA-5315-1 [email protected] https://www.debian.org/security/ Markus Koschany January 11, 2023 https://www.debian.org/security/faq -...

CVSS 8.2 | AI score 8 | EPSS 0.02382
Exploits: 1

FreeBSD
added 2022/09/07 12:0 a.m. | 46 views

security/keycloak -- Multiple possible DoS attacks

CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. CVE-2022-40151: I...

CVSS 8.2 | AI score 5.2 | EPSS 0.02382
Exploits: 2 | References: 2

Tenable Nessus
added 2021/10/26 12:0 a.m. | 27 views

Oracle Linux 7 : xstream (ELSA-2021-3956)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3956 advisory. - Resolves: CVE-2021-39148 - Resolves: CVE-2021-39139 - Resolves: CVE-2021-39140 - Resolves: CVE-2021-39141 - Resolves: CVE-2021-39144 - Resolves:...

CVSS 9.9 | AI score 7.4 | EPSS 0.94255
Exploits: 35 | References: 15

NVD
added 2016/08/02 4:59 p.m. | 14 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...

CVSS 9.8 | AI score 9.6 | EPSS 0.0603
Exploits: 0 | References: 5

Prion
added 2016/08/02 4:59 p.m. | 13 views

Code injection

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...

CVSS 7.5 | AI score 8.2 | EPSS 0.0603
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2016/08/02 4:0 p.m. | 16 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...

AI score 9.7 | EPSS 0.0603
Exploits: 0 | References: 5

CVE
added 2016/08/02 4:0 p.m. | 58 views

CVE-2016-5229

CVE-2016-5229 affects Atlassian Bamboo prior to 5.11.4.1 and 5.12.x prior to 5.12.3.1. The issue arises from insufficient restriction of deserialized classes during XStream-based deserialization, enabling remote code execution via crafted input. A fix is available: Bamboo 5.12.3.1 and 5.11.4.1 (a...

CVSS 9.8 | AI score 9.6 | EPSS 0.0603
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2016/04/07 8:0 p.m. | 27 views

CVE-2016-2510

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1