633 matches found
IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)
The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following: - When deserializing untrusted or corrupted data,...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.5 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which provides a detailed severity rating, is available for each vulnerability from th...
SnakeYaml: Constructor Deserialization Remote Code Execution
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 262 Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)
Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...
Fedora: Security Advisory for snakeyaml (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: snakeyaml-1.33-3.fc40
SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
Deserialization of untrusted data
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2024-28212
CVE-2024-28212 affects nGrinder prior to 3.5.9, where an outdated SnakeYAML version enables unsafe deserialization that could let a remote attacker run arbitrary code. The vulnerability stems from deserializing untrusted data via SnakeYAML within nGrinder’s stack. Affected software: nGrinder vers...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
PT-2024-22338 · Ngrinder +1 · Ngrinder +1
Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue is related to the use of an old version of SnakeYAML in nGrinder, which could allow a remote attacker to execute arbitrary code via unsafe deserialization. Recommendations: For versions...
Security Bulletin: Vulnerabilities in Apache Axis, Apache Shiro and SnakeYAML affect IBM WebSphere Service Registry and Repository
Summary An execute arbitrary code vulnerability in Apache Axis CVE-2023-40743, an authentication bypass vulnerability in Apache Shiro CVE-2023-34478 and several vulnerabilities in SnakeYAML incl. remote code execution vulnerability CVE-2022-1471 affect IBM WebSphere Service Registry and Repositor...
Deserialization of untrusted data
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51389 HertzBeat SnakeYAML Deser RCE
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51389 HertzBeat SnakeYAML Deser RCE
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51389
CVE-2023-51389 affects Hertzbeat, a real-time monitoring system. The vulnerability resides at the /define/yml interface, where SnakeYAML is used to parse YAML without a security configuration, enabling YAML deserialization. Affects versions prior to 1.4.1; version 1.4.1 fixes the issue. The issue...