
74 matches found

OSV
added 2026/06/18 10:45 a.m. | 9 views

ROOT-APP-MAVEN-CVE-2022-1471 CVE-2022-1471 in io.root.org.yaml:snakeyaml - Patched by Root

Root has patched CVE-2022-1471 in the io.root.org.yaml:snakeyaml package for Root:Maven. Multiple fixed versions available...

CVSS 8.3 | AI score 7.1 | EPSS 0.99615 | Exploits 7
Atlassian
added 2026/04/16 6:22 p.m. | 21 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Confluence Data Center

This Confluence release includes updates to our org.yaml:snakeyaml dependency in response to CVE-2022-1471. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...

CVSS 9.8 | AI score 6.5 | EPSS 0.99615 | Exploits 7
GithubExploit
added 2026/02/05 10:6 p.m. | 224 views

Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml

yaml-payload Exploit payload JAR for demonstrating CVE-2022-...

CVSS 9.8 | AI score 8.8 | EPSS 0.99615 | Exploits 7
IBM Security Bulletins
added 2025/03/26 3:51 a.m. | 79 views

Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities.

Summary Security Bulletin: IBM UrbanCode Build 6.1.7.10 addresses multiple vulnerabilities, listed in multiple CVEs CVE-2023-34981, CVE-2022-1471, CVE-2022-4065, CVE-2021-23450, CVE-2021-23450, CVE-2022-40151, CVE-2022-41966, CVE-2023-41080, CVE-2022-48285, CBE-2020-11971, CVE-2023-28709,...

CVSS 9.8 | AI score 9.9 | EPSS 0.99615 | Exploits 13 | Affected Software 1
IBM Security Bulletins
added 2024/11/19 1:48 p.m. | 12 views

Security Bulletin: IBM Sterling Global High Availability Mailbox is affected by a SnakeYaml deserialization vulnerability (CVE-2022-1471)

Summary IBM Sterling Global High Availability Mailbox is affected by SnakeYaml's Constructor class it does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's...

CVSS 9.8 | AI score 8.2 | EPSS 0.99615 | Exploits 7 | Affected Software 1
Tenable Nessus
added 2024/04/28 12:0 a.m. | 36 views

RHEL 8 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 9.8 | AI score 7.8 | EPSS 0.99615 | Exploits 7 | References 6
Tenable Nessus
added 2024/04/28 12:0 a.m. | 40 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

CVSS 9.9 | AI score 8.1 | EPSS 0.99931 | Exploits 52 | References 48
Tenable Nessus
added 2024/04/23 12:0 a.m. | 38 views

RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 9.9 | AI score 8 | EPSS 0.99615 | Exploits 11 | References 56
Tenable Nessus
added 2024/01/24 12:0 a.m. | 50 views

RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. - SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 - jenkins: Observable timing discrepancy allows...

CVSS 9.8 | AI score 7.1 | EPSS 0.99615 | Exploits 7 | References 6
RedHat Linux
added 2024/01/22 6:8 p.m. | 19 views

Important: Red Hat Security Advisory: Updated RHEL-7-based Middleware container images

Updated RHEL-7-based Middleware container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 7.2 | EPSS 0.99615 | Exploits 7 | References 3
IBM Security Bulletins
added 2024/01/15 6:29 p.m. | 40 views

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

CVSS 9.8 | AI score 9.3 | EPSS 0.99615 | Exploits 9 | Affected Software 1
IBM Security Bulletins
added 2023/12/20 8:4 p.m. | 40 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

CVSS 9.8 | AI score 9.6 | EPSS 0.99615 | Exploits 11 | Affected Software 1
Tenable Nessus
added 2023/12/13 12:0 a.m. | 47 views

Atlassian Jira Service Management Data Center and Server 5.0.x < 5.4.14 / 5.5.x < 5.11.2 / 5.12.0 (JSDSERVER-14906)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14906 advisory. - RCE Remote Code Execution in Jira Service Management Data Center and Server CVE-2022-1471 Note that...

CVSS 9.8 | AI score 7.5 | EPSS 0.99615 | Exploits 7 | References 2
Tenable Nessus
added 2023/12/13 12:0 a.m. | 50 views

Atlassian Confluence 6.13.x < 7.13.18 / 7.14.x < 7.19.10 / 7.20.x < 8.3.1 (CONFSERVER-91463)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-91463 advisory. - RCE Remote Code Execution in Confluence Data Center and Server CVE-2022-1471 Note that Nessus has not tested for this issue but has instead relied...

CVSS 9.8 | AI score 7.5 | EPSS 0.99615 | Exploits 7 | References 2
RedHat Linux
added 2023/12/07 1:41 p.m. | 62 views

Moderate: Red Hat Security Advisory: AMQ Clients 2023.Q4

An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

CVSS 9.8 | AI score 7.1 | EPSS 0.99615 | Exploits 12 | References 13
IBM Security Bulletins
added 2023/11/28 8:58 p.m. | 26 views

Security Bulletin: mas-data-dictionary-lib-1.0.3.jar is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses mas-data-dictionary-lib-1.0.3.jar which is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute...

CVSS 9.8 | AI score 8.7 | EPSS 0.99615 | Exploits 8 | Affected Software 1
IBM Security Bulletins
added 2023/11/21 4:37 p.m. | 43 views

Security Bulletin: IBM Sterling B2B Integrator affected by remote code execution due to Snake Yaml (CVE-2022-1471)

Summary IBM Sterling B2B Integrator uses Snake Yaml. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted ya...

CVSS 9.8 | AI score 9.7 | EPSS 0.99615 | Exploits 7 | Affected Software 1
Github Security Blog
added 2023/11/20 9:30 a.m. | 56 views

Deserialization of Untrusted Data in apache-submarine

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

CVSS 9.8 | AI score 6.7 | EPSS 0.01747 | Exploits 1 | References 6 | Affected Software 1
Prion
added 2023/11/20 9:15 a.m. | 47 views

Design/Logic Flaw

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

CVSS 7.5 | AI score 7.2 | EPSS 0.99615 | Exploits 8 | References 3 | Affected Software 1
OSV
added 2023/11/20 9:15 a.m. | 54 views

PYSEC-2023-240

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

CVSS 9.8 | AI score 7.7 | EPSS 0.01747 | Exploits 1 | References 4