rpm package
opensuse/xstream&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xstream&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47072 | Hig | 7.5 | < 1.4.21-1.1 | 1.4.21-1.1 | Nov 8, 2024 | XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configu | |
| CVE-2022-41966 | Hig | 8.2 | < 1.4.20-1.1 | 1.4.20-1.1 | Dec 28, 2022 | XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code i | |
| CVE-2022-40151 | Med | 6.5 | < 1.4.20-1.1 | 1.4.20-1.1 | Sep 16, 2022 | Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | |
| CVE-2021-43859 | Hig | 7.5 | < 1.4.19-1.1 | 1.4.19-1.1 | Feb 1, 2022 | XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service on | |
| CVE-2021-39150 | Hig | 8.5 | < 1.4.18-1.1 | 1.4.18-1.1 | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime | |
| CVE-2021-39153 | Hig | 8.5 | < 1.4.18-1.1 | 1.4.18-1.1 | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box w | |
| CVE-2021-39147 | Hig | 8.5 | < 1.4.18-1.1 | 1.4.18-1.1 | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the | |
| CVE-2021-39144 | Hig | 8.5 | KEV | < 1.4.18-1.1 | 1.4.18-1.1 | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the |
| CVE-2021-39139 | Hig | 8.5 | < 1.4.18-1.1 | 1.4.18-1.1 | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the | |
| CVE-2021-29505 | Hig | 7.5 | < 1.4.18-1.1 | 1.4.18-1.1 | May 28, 2021 | XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the | |
| CVE-2021-21351 | Med | 5.4 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, | |
| CVE-2021-21350 | Med | 5.3 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the reco | |
| CVE-2021-21349 | Med | 6.1 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stre | |
| CVE-2021-21348 | Med | 5.3 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recomm | |
| CVE-2021-21347 | Med | 6.1 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | |
| CVE-2021-21346 | Med | 6.1 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | |
| CVE-2021-21345 | Med | 5.8 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is | |
| CVE-2021-21344 | Med | 5.3 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | |
| CVE-2021-21343 | Med | 5.3 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst | |
| CVE-2021-21342 | Med | 5.3 | < 1.4.18-1.1 | 1.4.18-1.1 | Mar 23, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst |
- affected < 1.4.21-1.1fixed 1.4.21-1.1
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configu
- affected < 1.4.20-1.1fixed 1.4.20-1.1
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code i
- affected < 1.4.20-1.1fixed 1.4.20-1.1
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
- affected < 1.4.19-1.1fixed 1.4.19-1.1
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service on
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box w
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected,
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the reco
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stre
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recomm
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst
- affected < 1.4.18-1.1fixed 1.4.18-1.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst
Page 1 of 2