xstream (SUSE:Linux Enterprise Module for Development Tools 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP4 package xstream, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2022-41966 — CVSS 8.2 (high): XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application…
CVE-2022-40151 — CVSS 6.5 (medium): Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied…