Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0019

Malware in sbrugna...

9.8CVSS9.3AI score0.04435EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2018/07/18 6:28 p.m.7 views

tribe (>=1.2.0 <=1.3.0) potentially affected by CVE-2017-16763 via confire (=0.2.0)

confire PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on confire and may be impacted: - tribe =1.2.0, =1.3.0 Source cves: CVE-2017-16763 Source advisory: OSV:GHSA-M85C-9MF8-M2M6...

9.8CVSS7.2AI score0.04435EPSS
Exploits1
OSV
OSV
added 2018/07/18 6:28 p.m.2 views

GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS6.1AI score0.04435EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2018/07/18 6:28 p.m.29 views

Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.4AI score0.04435EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2017/11/13 12:0 a.m.3 views

Confire config.py File Arbitrary Command Execution Vulnerability

Confire is a set of application configuration tools built on Scapy, Django and other configuration parsers. A security vulnerability in the YAML parsing function of the config.py file in Confire version 0.2.0 stems from the program using the 'yaml.load' function to load user-specific configuratio...

9.8CVSS7.6AI score0.04435EPSS
Exploits1References1
Veracode
Veracode
added 2017/11/10 11:51 p.m.9 views

Remote Code Execution (RCE)

confire is vulnerable to remote code execution attacks. The attacks can happen because the config.py file allows users to parse their configuration from the /.confire.yaml through the yaml.load function of the YAML parser, allowing attackers to inject and execute arbitrary python commands...

9.8CVSS9.8AI score0.04435EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2017/11/10 9:29 a.m.7 views

PYSEC-2017-78

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS8AI score0.04435EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2017/11/10 9:29 a.m.16 views

Input validation

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

7.5CVSS9.8AI score0.04435EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2017/11/10 9:29 a.m.4 views

tribe (>=1.2.0 <=1.3.0) potentially affected by CVE-2017-16763 via confire (=0.2.0)

confire PYPI version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on confire and may be impacted: - tribe =1.2.0, =1.3.0 Source cves: CVE-2017-16763 Source advisory: OSV:PYSEC-2017-78...

9.8CVSS7.2AI score0.04435EPSS
Exploits1
NVD
NVD
added 2017/11/10 9:29 a.m.38 views

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.8AI score0.04435EPSS
Exploits1References3
OSV
OSV
added 2017/11/10 9:29 a.m.16 views

PYSEC-2017-78

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS7.4AI score0.04435EPSS
Exploits1References4
OSV
OSV
added 2017/11/10 9:29 a.m.21 views

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.8AI score0.04435EPSS
Exploits1References3
CVE
CVE
added 2017/11/10 9:0 a.m.75 views

CVE-2017-16763

The CVE-2017-16763 entry covers Confire 0.2.0: YAML parsing in config.py loads user config from ~/.confire.yaml using yaml.load, enabling arbitrary Python execution and command execution on the host. This is a YAML deserialization issue that can be triggered by injected YAML. The connected docume...

9.8CVSS9.7AI score0.04435EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2017/11/10 9:0 a.m.35 views

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8AI score0.04435EPSS
Exploits1References3
Rows per page
Query Builder