GHSA-3PQX-4FQF-J49F Deserialization of Untrusted Data in PyYAML

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

PYSEC-2021-86

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function...

CVE-2021-23338

CVE-2021-23338 affects all versions of the qlib package. The CLI workflow function uses an unsafe YAML load, enabling Deserialization of Untrusted Data. There is no explicit exploitation detail provided in the initial documents. Several connected advisories corroborate a Deserialization of Untrus...

PT-2021-11565 · Prusa +1 · Prusaslicer +1

Name of the Vulnerable Software and Affected Versions: PrusaSlicer versions 2.2.0 and Master commit 4b040b856 Description: An out-of-bounds write issue exists in the load obj functionality of the Obj.cpp file. This can be triggered by a specially crafted obj file, potentially leading to code...

EulerOS Virtualization 3.0.6.6 : PyYAML (EulerOS-SA-2020-2475)

According to the versions of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the implementation of the Short Message Service SMS handling functionality of Cisco IOS Software and Cisco IOS ...

Arbitrary Code Execution

shiba is vulnerable to arbitrary code execution. The vulnerability exists through the use of the unsafe function load in js-yaml...

CVE-2020-7729

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML...

Cross-site Scripting (XSS)

Overview jquery is a package that makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting XSS. load fail...

CVE-2020-8441

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...

CVE-2020-8441

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...

Deserialization of untrusted data

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...

CVE-2020-8441

JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load function. NOTE: this is a discontinued product...

CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

PYSEC-2020-176

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

PT-2019-15952 · Stb +1 · Stb Image.H +1

Name of the Vulnerable Software and Affected Versions: stb image.h aka the stb image loader version 2.23 Description: The issue is a heap-based buffer over-read in the stbi load main function. This problem affects products that use the stb image loader, including libsixel. Recommendations: For...

PT-2019-14377 · Gnu +1 · Gnu Chess +1

Name of the Vulnerable Software and Affected Versions: GNU Chess version 6.2.5 Description: A stack-based buffer overflow issue exists in the cmd load function, located in frontend/cmd.cc, which can be triggered by a crafted chess position in an EPD file. Recommendations: For GNU Chess version...

AdPlug Buffer Overflow Vulnerability (CNVD-2019-32337)

AdPlug is an AdLib sound player library written in C++. A buffer overflow vulnerability exists in the 'CdtmLoader::load' function of the dtm.cpp file in AdPlug version 2.3.1. The vulnerability stems from a networked system or product performing operations in memory without properly validating dat...

AdPlug Buffer Overflow Vulnerability

AdPlug is an AdLib sound player library written in C++. A buffer overflow vulnerability exists in the 'Ca2mLoader::load' function of the a2m.cpp file in AdPlug version 2.3.1. The vulnerability stems from a networked system or product performing operations in memory without properly validating dat...

DEBIAN-CVE-2019-14692

AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load in mkj.cpp...

GHSA-8J8C-7JFH-H6HX Code Injection in js-yaml

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code...