Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xstream project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions before 1.4.20 may allow a remote malicious user to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash co...
Xstream Project Xstream
1 Github repository
NA
CVE-2022-40151
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Xstream Project Xstream
NA
CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denia...
Xstream Project Xstream
Fasterxml Woodstox
686
VMScore
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Vmware Spring Cloud Function
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Banking Cash Management 14.5
Oracle Banking Trade Finance Process Management 14.5
Oracle Banking Credit Facilities Process Management 14.5
Oracle Banking Corporate Lending Process Management 14.5
Oracle Banking Supply Chain Finance 14.5
Oracle Sd-wan Edge 9.1
Oracle Banking Liquidity Management 14.5
Oracle Banking Liquidity Management 14.2
Oracle Banking Virtual Account Management 14.5
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Communications Policy Management 12.6.0.0.0
62 Github repositories
3 Articles
720
VMScore
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
173 Github repositories
7 Articles
446
VMScore
CVE-2021-43859
XStream is an open source java library to serialize objects to XML and back again. Versions before 1.4.19 may allow a remote malicious user to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of servic...
Xstream Project Xstream
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Oracle Flexcube Private Banking 12.1.0
Oracle Commerce Guided Search 11.3.2
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Oracle Communications Policy Management 12.6.0.0.0
Oracle Communications Diameter Intelligence Hub
Oracle Communications Brm - Elastic Charging Engine 12.0.0.5.0
Oracle Communications Brm - Elastic Charging Engine
534
VMScore
CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote malicious user to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java ru...
Xstream Project Xstream
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Commerce Guided Search 11.3.2
1 Github repository
561
VMScore
CVE-2021-39140
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote malicious user to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of ...
Xstream Project Xstream
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Commerce Guided Search 11.3.2
534
VMScore
CVE-2021-39150
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote malicious user to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java ru...
Xstream Project Xstream
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Commerce Guided Search 11.3.2
1 Github repository
535
VMScore
CVE-2021-39149
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote malicious user to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who follow...
Xstream Project Xstream
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapmanager -
Oracle Webcenter Portal 12.2.1.3.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Communications Unified Inventory Management 7.3.4
Oracle Communications Unified Inventory Management 7.3.5
Oracle Communications Unified Inventory Management 7.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Commerce Guided Search 11.3.2
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »