oval:org.secpod.oval:def:602510
libxstream-java is installed

oval:org.secpod.oval:def:602865
It was discovered that XStream, a Java library to serialise objects to XML and back again, was susceptible to denial of service during unmarshalling.

oval:org.secpod.oval:def:70357
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in libxstream-java.

oval:org.secpod.oval:def:71923
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

oval:org.secpod.oval:def:72087
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

oval:org.secpod.oval:def:88454
XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implemen ...

oval:org.secpod.oval:def:89408
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream.

oval:org.secpod.oval:def:89392
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream.

oval:org.secpod.oval:def:605677
Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. XStream itself sets u ...

oval:org.secpod.oval:def:69848
Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling.

oval:org.secpod.oval:def:69831
It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist app ...

oval:org.secpod.oval:def:705999
libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

oval:org.secpod.oval:def:1900481
Multiple XML external entity vulnerabilities in the Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, and WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

oval:org.secpod.oval:def:602499
It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks.