exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2021-21348

Status Candidate

Overview

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Related Files

Ubuntu Security Notice USN-6978-1
Posted Aug 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6978-1 - It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2016-3674, CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21351
SHA-256 | 1afbcb0e189834043502262cef1e4fea8c4cb080deab88eb59b5f09c1040106a
Red Hat Security Advisory 2021-4918-03
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4918-03 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, privilege escalation, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2020-14326, CVE-2020-28491, CVE-2021-20328, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21350, CVE-2021-21351, CVE-2021-22118, CVE-2021-27568, CVE-2021-29505, CVE-2021-31812, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148
SHA-256 | d5c90a3e7232924ae6e8b38f5e9ef8c694af77ff921bcdb7b07c49f3c69e7068
Debian Security Advisory 5004-1
Posted Nov 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5004-1 - Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-29505, CVE-2021-39139, CVE-2021-39140
SHA-256 | e3aca8ca24ba1bae991a19b9c891853d3fde83ade3db51bc3a65a899cca8f0ac
Red Hat Security Advisory 2021-4767-01
Posted Nov 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4767-01 - This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, deserialization, information leakage, resource exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2020-14326, CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2020-27218, CVE-2020-27223, CVE-2020-28052, CVE-2020-28491, CVE-2021-20289, CVE-2021-20328, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-27568, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165
SHA-256 | 9dff15e298c722ad84d5f39cb4d850c04124d91986161bb1afd605f4e69d1c9d
Red Hat Security Advisory 2021-2476-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Red Hat Security Advisory 2021-2475-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
SHA-256 | 44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Red Hat Security Advisory 2021-2139-01
Posted May 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-10771, CVE-2020-26258, CVE-2020-26259, CVE-2021-21290, CVE-2021-21295, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-21409, CVE-2021-31917
SHA-256 | 26b79e23d99e81d46adcd853630427afc565a8681dad9bf539101220d92dd7b9
Ubuntu Security Notice USN-4943-1
Posted May 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21342, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350
SHA-256 | dd998f8644e72fd98d617b4dba7e225b2de67f8f73e732f634c3bba0ec431eac
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close