17 matches found
Security Bulletin: A js-yaml-4.1.0.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in js-yaml-4.1.0.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and...
Fedora 42 : yarnpkg (2026-b8aad5411e)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b8aad5411e advisory. Update vendor bundle. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...
Security Bulletin: Vulnerabilities in js-yaml-3.14.1.tgz, js-yaml-4.1.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-64718)
Summary There are vulnerabilities in js-yaml-3.14.1.tgz, js-yaml-4.1.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-64718. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In...
openSUSE 16 Security Update : cockpit-repos (openSUSE-SU-2026:20251-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20251-1 advisory. Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...
Security update for cockpit-repos (important)
openSUSE security update: security update for cockpit-repos ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20251-1 Rating: important References: bsc1255425 bsc1257325 Cross-References: CVE-2025-13465 CVE-2025-64718 CVSS scores: CVE-2025-13465 SUSE ...
SUSE-SU-2026:20580-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issues: Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257325. - CVE-2025-64718: js-yaml prototype pollution in merge bsc1255425...
SUSE: Security Advisory (SUSE-SU-2026:20182-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
200-ok-boomer (>=2.0.0 <=2.1.0), 20190403-utils (=1.0.0) +10109 more potentially affected by CVE-2025-64718 via js-yaml (>=0.3.5 <=3.14.1)
js-yaml NPM version =0.3.5, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =0.1.1, =0.1.0, =1.0.0, =0.2.39, =0.0.1, =1.0.2, =2.0.3, =2.0.7 and more Source cves: CVE-2025-64718 Source advisory: OSV:GHSA-MH29-5H37-FV8M...
02.aula (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +7962 more potentially affected by CVE-2025-64718 via js-yaml (>=4.0.0 <=4.1.0)
js-yaml NPM version =4.0.0, =0.2.0, =0.0.3, =4.11.0, =0.0.1, =0.1.23, =0.1.4, =6.1.5, =0.2.0, =0.2.0, =1.0.0, =1.1.0 and more Source cves: CVE-2025-64718 Source advisory: OSV:GHSA-MH29-5H37-FV8M...
02.aula (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +7962 more potentially affected by CVE-2025-64718 via js-yaml (>=4.0.0 <=4.1.0)
js-yaml NPM version =4.0.0, =0.2.0, =0.0.3, =4.11.0, =0.0.1, =0.1.23, =0.1.4, =6.1.5, =0.2.0, =0.2.0, =1.0.0, =1.1.0 and more Source cves: CVE-2025-64718 Source advisory: SNYK:JS-JSYAML-13961110...
org.webjars.npm:coveralls-next (=4.2.2) potentially affected by CVE-2025-64718 via org.webjars.npm:js-yaml (=4.1.0)
org.webjars.npm:js-yaml MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:js-yaml and may be impacted: - org.webjars.npm:coveralls-next =4.2.2 Source cves: CVE-2025-64718 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961...
200-ok-boomer (>=2.0.0 <=2.1.0), 20190403-utils (=1.0.0) +6665 more potentially affected by CVE-2025-64718 via js-yaml (>=3.0.0 <=3.14.1)
js-yaml NPM version =3.0.0, =2.0.0, =1.0.0, =0.1.1, =0.1.0, =1.0.0, =0.2.39, =0.0.1, =1.0.2, =2.0.3, =0.0.327, =0.0.308, =1.0.29, =1.0.30 and more Source cves: CVE-2025-64718 Source advisory: SNYK:JS-JSYAML-13961110...
com.salesforce.perfeng.uiperf:ImageOptimization (=2.0.1), org.webjars:imagemin (>=0.4.6-1 <=3.1.0) +2 more potentially affected by CVE-2025-64718 via org.webjars:js-yaml (=3.0.2)
org.webjars:js-yaml MAVEN version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:js-yaml and may be impacted: - com.salesforce.perfeng.uiperf:ImageOptimization =2.0.1 - org.webjars:imagemin =0.4.6-1, =0.1.0-1, =4.0.0 -...
org.webjars.bowergithub.lostinbrittany:granite-yaml (=1.1.0) potentially affected by CVE-2025-64718 via org.webjars.bowergithub.nodeca:js-yaml (=3.14.1)
org.webjars.bowergithub.nodeca:js-yaml MAVEN version =3.14.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bowergithub.nodeca:js-yaml and may be impacted: - org.webjars.bowergithub.lostinbrittany:granite-yaml =1.1.0 Source cves:...
DEBIAN-CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution proto. All users who parse untrusted yaml documents may be impacted. The problem is patched in...
Linux Distros Unpatched Vulnerability : CVE-2025-64718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...