Lucene search
+L

633 matches found

nessus
nessus
added 2024/04/25 12:0 a.m.75 views

IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)

The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following: - When deserializing untrusted or corrupted data,...

9.8CVSS7.8AI score0.99999EPSS
Exploits65References68
nessus
nessus
added 2024/04/23 12:0 a.m.38 views

RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

9.9CVSS8AI score0.99615EPSS
Exploits12References56
redhat
redhat
added 2024/03/18 9:47 a.m.59 views

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.5 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which provides a detailed severity rating, is available for each vulnerability from th...

9.8CVSS7.2AI score0.99615EPSS
Exploits12References10
redhat
redhat
added 2024/03/18 9:47 a.m.4 views

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

9.8CVSS7.5AI score0.99615EPSS
Exploits8References5
ibm
ibm
added 2024/03/15 1:44 p.m.34 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 262 Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content...

9.8CVSS9.4AI score0.99615EPSS
Exploits9Affected Software1
ibm
ibm
added 2024/03/12 5:45 p.m.30 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)

Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...

6.5CVSS7.2AI score0.02091EPSS
Exploits0Affected Software1
openvas
openvas
added 2024/03/08 12:0 a.m.19 views

Fedora: Security Advisory for snakeyaml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
fedora
fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: snakeyaml-1.33-3.fc40

SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
osv
osv
added 2024/03/07 5:15 a.m.4 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

9.8CVSS6.1AI score0.01026EPSS
Exploits0References1
nvd
nvd
added 2024/03/07 5:15 a.m.28 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

9.8CVSS7.6AI score0.01026EPSS
Exploits0References1
prion
prion
added 2024/03/07 5:15 a.m.15 views

Deserialization of untrusted data

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

8.3AI score0.01026EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/03/07 4:49 a.m.9 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

8AI score0.01026EPSS
Exploits0References1
cve
cve
added 2024/03/07 4:49 a.m.55 views

CVE-2024-28212

CVE-2024-28212 affects nGrinder prior to 3.5.9, where an outdated SnakeYAML version enables unsafe deserialization that could let a remote attacker run arbitrary code. The vulnerability stems from deserializing untrusted data via SnakeYAML within nGrinder’s stack. Affected software: nGrinder vers...

9.8CVSS7.9AI score0.01026EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/03/07 4:49 a.m.29 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

7.9AI score0.01026EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/03/07 12:0 a.m.4 views

PT-2024-22338 · Ngrinder +1 · Ngrinder +1

Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is related to the use of an old version of SnakeYAML in nGrinder, which could allow a remote attacker to execute arbitrary code via unsafe deserialization. Recommendations: For versions...

9.8CVSS8.2AI score0.01026EPSS
Exploits0References5
ibm
ibm
added 2024/03/05 4:54 p.m.74 views

Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository

Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...

9.8CVSS10AI score0.99615EPSS
Exploits12Affected Software1
prion
prion
added 2024/02/22 4:15 p.m.15 views

Deserialization of untrusted data

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

7.5CVSS7.2AI score0.01294EPSS
Exploits1References2
cvelist
cvelist
added 2024/02/22 3:59 p.m.39 views

CVE-2023-51389 HertzBeat SnakeYAML Deser RCE

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

9.8CVSS9.7AI score0.01294EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/02/22 3:59 p.m.12 views

CVE-2023-51389 HertzBeat SnakeYAML Deser RCE

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

9.8CVSS9.5AI score0.01294EPSS
Exploits1References2
cve
cve
added 2024/02/22 3:59 p.m.71 views

CVE-2023-51389

CVE-2023-51389 affects Hertzbeat, a real-time monitoring system. The vulnerability resides at the /define/yml interface, where SnakeYAML is used to parse YAML without a security configuration, enabling YAML deserialization. Affects versions prior to 1.4.1; version 1.4.1 fixes the issue. The issue...

9.8CVSS9.6AI score0.01294EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder