exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2020-26217

Status Candidate

Overview

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Related Files

Ubuntu Security Notice USN-4943-1
Posted May 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2021-21342, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350
MD5 | a565fe2178a44c21cfecd0d125585112
Red Hat Security Advisory 2021-0433-01
Posted Feb 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0433-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.1.1 serves as a replacement for Red Hat Data Grid 8.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and memory leak vulnerabilities.

tags | advisory, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2020-25644, CVE-2020-25711, CVE-2020-26217
MD5 | de26065685b4363a7b525326ab2cae3b
Red Hat Security Advisory 2021-0384-01
Posted Feb 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0384-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include bypass, code execution, and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13933, CVE-2020-26217, CVE-2021-26117
MD5 | f6b225727d9a2d5b8600a077b541de2e
Ubuntu Security Notice USN-4714-1
Posted Jan 29, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.

tags | advisory, remote, arbitrary, shell, code execution
systems | linux, ubuntu
advisories | CVE-2020-26217, CVE-2020-26258, CVE-2020-26259
MD5 | 3cdeed73f8b46410b7481e928cd50ec1
Red Hat Security Advisory 2021-0162-01
Posted Jan 18, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0162-01 - XStream is a Java XML serialization library to serialize objects to and deserialize object from XML. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, java, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-26217
MD5 | d9296480dea43fdb2055da43de4742be
Red Hat Security Advisory 2021-0106-01
Posted Jan 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0106-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.1 serves as an update to Red Hat Decision Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-26217
MD5 | 00cac4a6608b0577aae4612828d12d01
Red Hat Security Advisory 2021-0105-01
Posted Jan 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0105-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.1 serves as an update to Red Hat Process Automation Manager 7.9.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-26217
MD5 | d181ff8a0b578471ad111710d32accbd
Page 1 of 1
Back1Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close