Filtered by vendor Oracle
Subscriptions
Filtered by product Business Activity Monitoring
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39153 | 6 Debian, Fedoraproject, Netapp and 3 more | 19 Debian Linux, Fedora, Snapmanager and 16 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39149 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39151 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39146 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39148 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39150 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39152 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39154 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2025-05-23 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2019-10173 | 3 Oracle, Redhat, Xstream | 15 Banking Platform, Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine and 12 more | 2025-05-14 | 9.8 Critical |
| It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285) | ||||