
It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream's security framework. For additional information please refer to https://github.com ...

libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in libxstream-java.

libxstream-java: Java library to serialize objects to XML and back again. Several security issues were fixed in XStream library.

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist approach of XStream's security framework. For additional information please refer to https://github.com ...

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ...

XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML. Security Fix: * XStream: remote code execution due to insecure XML deserialization when relying on blocklists. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

The advisory is missing the security advisory description. For more information please visit the reference link.

The advisory is missing the security advisory description. For more information please visit the reference link.

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS * golang: math/big: panic during recursive division of very large numbers * golang: malicious symbol names can lead to code execution at build time * golang: improper validation of cgo fla ...

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.



© SecPod Technologies