Xstream

Xstream

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-41966

Exploit
  • EPSS 12%
  • Veröffentlicht 28.12.2022 00:15:14
  • Zuletzt bearbeitet 23.05.2025 16:51:10

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. T...

7.5

CVE-2022-40152

Exploit
  • EPSS 0.76%
  • Veröffentlicht 16.09.2022 10:15:09
  • Zuletzt bearbeitet 23.05.2025 16:51:40

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. T...

7.5

CVE-2022-40151

Exploit
  • EPSS 0.25%
  • Veröffentlicht 16.09.2022 10:15:09
  • Zuletzt bearbeitet 23.05.2025 16:51:48

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a...

7.5

CVE-2021-43859

Exploit
  • EPSS 2.4%
  • Veröffentlicht 01.02.2022 12:15:08
  • Zuletzt bearbeitet 23.05.2025 16:53:31

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resul...

8.5

CVE-2021-39152

Exploit
  • EPSS 67.83%
  • Veröffentlicht 23.08.2021 19:15:13
  • Zuletzt bearbeitet 23.05.2025 16:47:47

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

8.5

CVE-2021-39150

Exploit
  • EPSS 2.31%
  • Veröffentlicht 23.08.2021 19:15:12
  • Zuletzt bearbeitet 23.05.2025 16:48:02

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed inp...

6.3

CVE-2021-39140

Exploit
  • EPSS 0.12%
  • Veröffentlicht 23.08.2021 19:15:10
  • Zuletzt bearbeitet 23.05.2025 16:50:34

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload r...

8.5

CVE-2021-39153

Exploit
  • EPSS 0.68%
  • Veröffentlicht 23.08.2021 18:15:13
  • Zuletzt bearbeitet 23.05.2025 16:50:17

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if usin...

8.5

CVE-2021-39154

Exploit
  • EPSS 0.71%
  • Veröffentlicht 23.08.2021 18:15:13
  • Zuletzt bearbeitet 23.05.2025 16:47:35

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

8.5

CVE-2021-39151

Exploit
  • EPSS 0.68%
  • Veröffentlicht 23.08.2021 18:15:12
  • Zuletzt bearbeitet 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...