rpm package
suse/xstream&distro=SUSE Linux Enterprise Module for Development Tools 15 SP2
pkg:rpm/suse/xstream&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21342 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst | ||
| CVE-2021-21343 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst | ||
| CVE-2021-21344 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | ||
| CVE-2021-21345 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is | ||
| CVE-2021-21346 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | ||
| CVE-2021-21347 | — | < 1.4.16-3.8.1 | 1.4.16-3.8.1 | Mar 22, 2021 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff | ||
| CVE-2020-26258 | — | < 1.4.15-3.3.2 | 1.4.15-3.3.2 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are | ||
| CVE-2020-26259 | — | < 1.4.15-3.3.2 | 1.4.15-3.3.2 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo | ||
| CVE-2020-26217 | — | < 1.4.15-3.3.2 | 1.4.15-3.3.2 | Nov 16, 2020 | XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram |
- CVE-2021-21342Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst
- CVE-2021-21343Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new inst
- CVE-2021-21344Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- CVE-2021-21345Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is
- CVE-2021-21346Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- CVE-2021-21347Mar 22, 2021affected < 1.4.16-3.8.1fixed 1.4.16-3.8.1
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is aff
- CVE-2020-26258Dec 16, 2020affected < 1.4.15-3.3.2fixed 1.4.15-3.3.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are
- CVE-2020-26259Dec 16, 2020affected < 1.4.15-3.3.2fixed 1.4.15-3.3.2
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo
- CVE-2020-26217Nov 16, 2020affected < 1.4.15-3.3.2fixed 1.4.15-3.3.2
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram
Page 2 of 2