Lucene search
K

633 matches found

Vulnrichment
Vulnrichment
added 2024/09/21 9:30 a.m.23 views

CVE-2024-42323 Apache HertzBeat: RCE by snakeYaml deser load malicious xml

SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat incubating. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat incubating: before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue...

6.9AI score0.04054EPSS
Exploits0References2
CVE
CVE
added 2024/09/21 9:30 a.m.81 views

CVE-2024-42323

Apache HertzBeat (incubating) before version 1.6.0 is affected by a SnakeYAML deserialization vulnerability that enables remote code execution. The issue stems from insecure deserialization of YAML/XML data and is exploitable by authorized attackers. Upgrade to 1.6.0 to fix the issue.

8.8CVSS8.7AI score0.04054EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/09/21 12:0 a.m.3 views

Apache HertzBeat 代码问题漏洞

Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

8.8CVSS7.8AI score0.04054EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 5:29 a.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 8:44 p.m.16 views

Security Bulletin: Vulnerability in SnakeYaml affects watsonx.data

Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml coul...

9.8CVSS9.5AI score0.99615EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.30 views

SUSE SLED15: mockito / mockito-javadoc / snakeyaml / snakeyaml-javadoc / testng / etc (SUSE-SU-2024:2568-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2568-1 advisory. mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 i...

7.8CVSS6.5AI score0.00876EPSS
Exploits1References4
OSV
OSV
added 2024/07/22 3:19 a.m.20 views

SUSE-SU-2024:2568-1 Security update for mockito, snakeyaml, testng

This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 is making core changes to ensure compatibility with future JDK versions. - Switch the Default MockMaker to mockito-inline...

7.8CVSS7.4AI score0.00876EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2024/07/22 12:0 a.m.14 views

SUSE: Security Advisory (SUSE-SU-2024:2568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS5.9AI score0.00876EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/16 12:0 a.m.28 views

RHEL 9 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...

7.5CVSS7.3AI score0.01858EPSS
Exploits4References6
OSV
OSV
added 2024/06/15 12:0 a.m.9 views

OPENSUSE-SU-2024:12308-1 snakeyaml-1.31-1.1 on GA media

These are all security issues fixed in the snakeyaml-1.31-1.1 package on the GA media of openSUSE Tumbleweed...

9CVSS7AI score0.22709EPSS
Exploits3References6
OSV
OSV
added 2024/06/15 12:0 a.m.17 views

OPENSUSE-SU-2024:11391-1 snakeyaml-1.28-2.2 on GA media

These are all security issues fixed in the snakeyaml-1.28-2.2 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.6AI score0.26723EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.44 views

RHEL 9 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-26049 -...

7.5CVSS7.5AI score0.0326EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.32 views

RHEL 8 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-commons-net: FTP client trusts the host from PASV response by default CVE-2021-37533 - Those using...

7.5CVSS7.8AI score0.01858EPSS
Exploits4References6
Redos
Redos
added 2024/05/14 12:0 a.m.45 views

ROS-20240514-05

Vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to a buffer overflow on the stack. buffer overflow on the stack. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial...

6.5CVSS7.2AI score0.01476EPSS
Exploits1
Redos
Redos
added 2024/05/14 12:0 a.m.26 views

ROS-20240514-03

The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS8.1AI score0.99615EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.55 views

RHEL 7 : snakeyaml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 - Usin...

8.2AI score0.02191EPSS
Exploits3References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 6:52 p.m.40 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5 Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitra...

9.8CVSS9.5AI score0.99615EPSS
Exploits13Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.44 views

RHEL 8 : Red Hat Product OCP Tools 4.11 Openshift Jenkins (RHSA-2023:6171)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6171 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.8CVSS7.9AI score0.99931EPSS
Exploits48References12
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.45 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0776 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.8CVSS7.8AI score0.99999EPSS
Exploits91References50
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.40 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.9CVSS8.1AI score0.99931EPSS
Exploits52References48
Rows per page
Query Builder