VYPR

rpm package

opensuse/xstream&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/xstream&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

  • CVE-2021-21347Mar 22, 2021
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff

  • CVE-2020-26258Dec 16, 2020
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are

  • CVE-2020-26259Dec 16, 2020
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo

  • CVE-2020-26217Nov 16, 2020
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram

  • CVE-2017-7957HigApr 29, 2017
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

  • CVE-2016-3674HigMay 17, 2016
    affected < 1.4.18-1.1fixed 1.4.18-1.1

    Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML

Page 2 of 2