Lucene search
K

243 matches found

OSV
OSV
added 2022/01/06 7:44 p.m.19 views

GHSA-HJGM-F7VX-M5G7 Deserialization of Untrusted Data in Apache Heron

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities CWE-502: Deserialization of Untrusted Data...

9.8CVSS9.9AI score0.04815EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/01/06 7:44 p.m.24 views

Deserialization of Untrusted Data in Apache Heron

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities CWE-502: Deserialization of Untrusted Data...

9.8CVSS9.7AI score0.04815EPSS
Exploits0References7Affected Software1
Redos
Redos
added 2021/09/08 12:0 a.m.5 views

ROS-2-2225

2.2225 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.1AI score0.05984EPSS
Exploits3
Redos
Redos
added 2021/09/08 12:0 a.m.4 views

ROS-2-2163

2.2163 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.1AI score0.05984EPSS
Exploits1
Prion
Prion
added 2021/09/07 8:15 p.m.18 views

Design/Logic Flaw

kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in...

4CVSS6.4AI score0.01658EPSS
Exploits1References3Affected Software1
Ubuntu
Ubuntu
added 2021/05/10 2:19 p.m.408 views

USN-4940-1: PyYAML vulnerability

It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code...

10CVSS7.7AI score0.05984EPSS
Exploits1
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.8 views

PyYAML Input Validation Error Vulnerability

PyYAML is a Python based YAML parser and generator. An input validation error vulnerability exists in PyYAML that arises from a network system or product that does not properly validate input data...

10CVSS6.9AI score0.05984EPSS
Exploits1References17
OpenVAS
OpenVAS
added 2021/02/01 12:0 a.m.20 views

Fedora: Security Advisory for PyYAML (FEDORA-2021-eed7193502)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8AI score
Exploits0References2
Fedora
Fedora
added 2021/01/30 1:42 a.m.87 views

[SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

10CVSS9AI score0.05984EPSS
Exploits1
Fedora
Fedora
added 2021/01/23 1:32 a.m.85 views

[SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

10CVSS9AI score0.05984EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/01/23 12:0 a.m.29 views

Fedora: Security Advisory for PyYAML (FEDORA-2021-3342569a0f)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8AI score
Exploits0References2
NVD
NVD
added 2020/12/02 2:15 a.m.26 views

CVE-2020-5423

CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...

7.8CVSS7.5AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2020/12/02 2:15 a.m.27 views

CVE-2020-5423

CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...

7.5CVSS6.8AI score0.01131EPSS
Exploits0References1
Prion
Prion
added 2020/12/02 2:15 a.m.14 views

Design/Logic Flaw

CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...

7.8CVSS7.5AI score0.01131EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/12/02 1:55 a.m.36 views

CVE-2020-5423 Cloud Controller is vulnerable to denial of service via YAML parsing

CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...

7.5CVSS7.5AI score0.01131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/03 12:0 a.m.2 views

PT-2020-19749 · Js Yaml +3 · Js-Yaml +3

Name of the Vulnerable Software and Affected Versions: grunt versions prior to 1.3.0 Description: The issue is related to Arbitrary Code Execution due to the default usage of the load function instead of its secure replacement safeLoad of the js-yaml package inside grunt.file.readYAML...

7.8CVSS6.2AI score0.02285EPSS
Exploits3References28
Gentoo Linux
Gentoo Linux
added 2020/07/26 12:0 a.m.30 views

yaml-cpp: Denial of service

Background yaml-cpp is a YAML parser and emitter in C++. Description The function Scanner::peek in scanner.cpp may have an assertion failure. Impact An attacker could cause a possible Denial of Service condition. Workaround There is no known workaround at this time. Resolution All yaml-cpp users...

7.5CVSS4AI score0.02249EPSS
Exploits1
OSV
OSV
added 2020/07/02 3:15 p.m.21 views

CVE-2020-2211

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

8.8CVSS7.8AI score
Exploits0References2
Prion
Prion
added 2020/07/02 3:15 p.m.20 views

Remote code execution

Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

6.5CVSS9AI score0.02282EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/02 2:55 p.m.88 views

CVE-2020-2211

CVE-2020-2211 affects Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin (versions ≤ 1.3). The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, enabling remote code execution. The CVE entry notes a questionable attack surface but does not provide e...

8.8CVSS8.9AI score0.02282EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder