Lucene search
+L

634 matches found

Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.3 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.01025EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.2 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.02091EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.4 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.01507EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:11 a.m.2 views

DoS in SnakeYAML

...

6.5CVSS7AI score0.01642EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/10/02 6:10 a.m.6 views

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

...

9.3CVSS8.8AI score0.26723EPSS
Exploits1
OSV
OSV
added 2025/09/24 5:15 p.m.7 views

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...

8.8CVSS6.4AI score0.01261EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can...

9.8CVSS7.8AI score0.99615EPSS
Exploits8References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:55 a.m.7 views

CVE-2024-28212

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...

9.8CVSS8AI score0.01026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:18 a.m.7 views

CVE-2023-51389

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

9.8CVSS7AI score0.01294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.24 views

CVE-2021-36162

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS6.8AI score0.02019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.14 views

CVE-2020-1947

In Apache ShardingSphereincubator 4.0.0-RC3 and 4.0.0, the ShardingSphere's web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows to unmarshal data to a Java type By using the YAML tag. Unmarshalling untrusted data can lead to security...

9.8CVSS7AI score0.33918EPSS
Exploits1
Redos
Redos
added 2025/04/24 12:0 a.m.8 views

ROS-20250424-02

The vulnerability of SnakeYAML library for serialization and deserialization of YAML documents is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS8.1AI score0.99615EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:46 a.m.85 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.87211EPSS
Exploits7Affected Software1
Ubuntu
Ubuntu
added 2025/03/27 4:1 p.m.9 views

USN-7368-1: SnakeYAML vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

7.5CVSS7AI score0.26723EPSS
Exploits1
OSV
OSV
added 2025/03/27 4:1 p.m.6 views

USN-7368-1 snakeyaml vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

7.5CVSS6.8AI score0.26723EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.76 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...

7.8CVSS10AI score0.0486EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:30 a.m.68 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...

9.8CVSS10AI score0.10539EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:46 a.m.47 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

7.5CVSS8.8AI score0.19653EPSS
Exploits4Affected Software1
OpenVAS
OpenVAS
added 2025/03/25 12:0 a.m.10 views

Ubuntu: Security Advisory (USN-7368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.26723EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/24 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : SnakeYAML vulnerability (USN-7368-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7368-1 advisory. It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to...

7.5CVSS6.9AI score0.26723EPSS
Exploits1References2
Rows per page
Query Builder