634 matches found
CVE-2021-23262 Snakeyaml deserialization vulnerability bypass
Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE...
CVE-2021-41110
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...
Deserialization of untrusted data
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...
Cwlviewer 代码问题漏洞
Cwlviewer is a web application for viewing and sharing workflows in the Common Workflow Language. A code issue vulnerability exists in cwlviewer that stems from the SnakeYaml constructor allowing parsing of any data...
GHSA-R577-4HQ7-73QH Remote Code Execution in Apache Dubbo
Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
Remote Code Execution in Apache Dubbo
Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
CVE-2021-36162
Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
CVE-2021-36162
Apache Dubbo (routing/configuration rules loaded from config centers like Zookeeper or Nacos) is affected by CVE-2021-36162 through unsafe YAML deserialization using SnakeYAML, which can enable arbitrary constructor invocation and remote code execution when consumers retrieve tampered rules. The ...
CVE-2021-36162 Unprotected yaml deserialization cause RCE
Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
snakeyaml: Billion laughs attack via alias feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.8.0 release and security update
Red Hat AMQ Streams 1.8.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
snakeyaml: Billion laughs attack via alias feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
openSUSE 15 Security Update : snakeyaml (openSUSE-SU-2021:1876-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1876-1 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 Note that...
openSUSE: Security Advisory for snakeyaml (openSUSE-SU-2021:1876-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1876-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
Security update for snakeyaml (important)
openSUSE Security Update: Security update for snakeyaml Announcement ID: openSUSE-SU-2021:1876-1 Rating: important References: 1159488 1186088 Cross-References: CVE-2017-18640 CVSS scores: CVE-2017-18640 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-18640 SUSE: 7.5...
Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.
Summary Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify...
SUSE-SU-2021:1979-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
SUSE-SU-2021:1978-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
SUSE SLED15 / SLES15 Security Update : snakeyaml (SUSE-SU-2021:1876-1)
The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:1876-1 advisory. - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088 Tenable has...