Download
| Alert*
oval:org.secpod.oval:def:106782
xstream is installed oval:org.secpod.oval:def:110456 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:110452 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:112285 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:112287 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:3300849 SUSE Security Update: Security update for xstream oval:org.secpod.oval:def:89048624 This update for xstream fixes the following issues: * CVE-2022-40151: Fixed stackoverflow in XML serialization . * CVE-2022-41966: Fixed denial of service via uncontrolled recursion during deserialization . * Upgrade to 1.4.20. oval:org.secpod.oval:def:120871 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:120874 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:106439 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:106438 XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for lar ... oval:org.secpod.oval:def:1700769 A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality, integr ... oval:org.secpod.oval:def:1700698 A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability oval:org.secpod.oval:def:1701292 XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these ... oval:org.secpod.oval:def:1700541 A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. T ... oval:org.secpod.oval:def:1702138 Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks . If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack |