111 matches found
Astra Linux - уязвимость в yaml-cpp
The SingleDocParser::HandleFlowMap function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...
CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
JLSEC-2026-23
The SingleDocParser::HandleNode function in yaml-cpp aka LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...
CVE-2025-62348 Salt junos module uses an unsafe YAML loader which may allow unintended code execution
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
EUVD-2018-13128
Malware in sbrugna...
EUVD-2021-18566
Malware in sbrugna...
EUVD-2019-15851
Malware in sbrugna...
EUVD-2017-17771
Malware in sbrugna...
yaml-libyaml: LibYAML Perl File Modification Vulnerability
A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-37861
Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions were discovered to contain a buffer overflow via the nav2amcl process. This vulnerability is triggered via sending a crafted .yaml file...
CVE-2024-37860
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2amcl process...
CVE-2021-46364
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file...
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file...
CVE-2024-37862
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2planner process...
PT-2024-27792 · Open Robotics · Ros2 +1
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 ROS2 and Nav2 humble versions Description: The issue is a buffer overflow that occurs via the nav2 amcl process. This is triggered by sending a crafted .yaml file. Recommendations: For Open Robotics...
CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35060
CVE-2024-35060 affects NASA AIT-Core v2.5.2 due to a flaw in the YAML Python library that allows arbitrary command execution via a crafted YAML file. Affected component: YAML Python library; root cause described as an issue in the library. Impact per sources: attacker-executed commands. Remediati...
PYSEC-2024-263
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafeload function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file...