Lucene search
+L

634 matches found

Cvelist
Cvelist
added 2021/12/02 3:40 p.m.18 views

CVE-2021-23262 Snakeyaml deserialization vulnerability bypass

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE...

4.2CVSS7.2AI score0.00623EPSS
Exploits0References1
OSV
OSV
added 2021/10/01 1:15 p.m.14 views

CVE-2021-41110

cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...

9.8CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2021/10/01 1:15 p.m.10 views

Deserialization of untrusted data

cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...

7.5CVSS9.2AI score0.02724EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.3 views

Cwlviewer 代码问题漏洞

Cwlviewer is a web application for viewing and sharing workflows in the Common Workflow Language. A code issue vulnerability exists in cwlviewer that stems from the SnakeYaml constructor allowing parsing of any data...

9.8CVSS8.4AI score0.02724EPSS
Exploits1References4
OSV
OSV
added 2021/09/08 8:14 p.m.8 views

GHSA-R577-4HQ7-73QH Remote Code Execution in Apache Dubbo

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS6AI score0.02019EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/09/08 8:14 p.m.63 views

Remote Code Execution in Apache Dubbo

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS8.4AI score0.02019EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/09/07 10:15 a.m.15 views

CVE-2021-36162

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS8.6AI score
Exploits0References1
CVE
CVE
added 2021/09/07 9:25 a.m.85 views

CVE-2021-36162

Apache Dubbo (routing/configuration rules loaded from config centers like Zookeeper or Nacos) is affected by CVE-2021-36162 through unsafe YAML deserialization using SnakeYAML, which can enable arbitrary constructor invocation and remote code execution when consumers retrieve tampered rules. The ...

8.8CVSS8.7AI score0.02019EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/07 9:25 a.m.72 views

CVE-2021-36162 Unprotected yaml deserialization cause RCE

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8AI score0.02019EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/08/19 7:17 a.m.5 views

snakeyaml: Billion laughs attack via alias feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

7.5CVSS7.2AI score0.26723EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/08/19 7:17 a.m.65 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 1.8.0 release and security update

Red Hat AMQ Streams 1.8.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.8CVSS6.7AI score0.82371EPSS
Exploits16References14
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.5 views

snakeyaml: Billion laughs attack via alias feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

7.5CVSS7.2AI score0.26723EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.40 views

openSUSE 15 Security Update : snakeyaml (openSUSE-SU-2021:1876-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1876-1 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 Note that...

9.3CVSS6.7AI score0.26723EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.33 views

openSUSE: Security Advisory for snakeyaml (openSUSE-SU-2021:1876-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.26723EPSS
Exploits1References2
OSV
OSV
added 2021/07/11 8:53 a.m.10 views

OPENSUSE-SU-2021:1876-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...

7.5CVSS7.4AI score0.26723EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.36 views

Security update for snakeyaml (important)

openSUSE Security Update: Security update for snakeyaml Announcement ID: openSUSE-SU-2021:1876-1 Rating: important References: 1159488 1186088 Cross-References: CVE-2017-18640 CVSS scores: CVE-2017-18640 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-18640 SUSE: 7.5...

7.5CVSS6.7AI score0.26723EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/23 6:1 p.m.47 views

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

Summary Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify...

9.8CVSS9.9AI score0.26723EPSS
Exploits5Affected Software1
OSV
OSV
added 2021/06/15 11:6 a.m.7 views

SUSE-SU-2021:1979-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...

7.5CVSS7.5AI score0.26723EPSS
Exploits1References4
OSV
OSV
added 2021/06/15 11:6 a.m.7 views

SUSE-SU-2021:1978-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...

7.5CVSS7.5AI score0.26723EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/06/11 12:0 a.m.30 views

SUSE SLED15 / SLES15 Security Update : snakeyaml (SUSE-SU-2021:1876-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:1876-1 advisory. - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088 Tenable has...

7.5CVSS6.8AI score0.26723EPSS
Exploits1References5
Rows per page
Query Builder