Lucene search
K

242 matches found

Ubuntu
Ubuntu
added 2025/03/27 4:1 p.m.9 views

USN-7368-1: SnakeYAML vulnerability

It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...

7.5CVSS7AI score0.26723EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 12:30 p.m.10 views

CVE-2024-43405

Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via custom code...

7.8CVSS7.4AI score0.01118EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/01/04 2:29 p.m.20 views

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS sco...

7.8CVSS9.6AI score0.01118EPSS
Exploits0
OSV
OSV
added 2024/09/04 5:38 p.m.23 views

GHSA-7H5P-MMPP-HGMM Nuclei Template Signature Verification Bypass

Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...

7.4CVSS7.9AI score0.01118EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/09/04 5:38 p.m.24 views

Nuclei Template Signature Verification Bypass

Summary A vulnerability has been identified in Nuclei's template signature verification system that could allow an attacker to bypass the signature check and possibly execute malicious code via custom code template. Affected Component The vulnerability is present in the template signature...

7.8CVSS7.4AI score0.01118EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/09/04 3:36 p.m.68 views

CVE-2024-43405

Insight: CVE-2024-43405 affects ProjectDiscovery Nuclei. The issue is in the template signature verification (signer package), where a newline handling discrepancy between the signature verification and YAML parsing allows an attacker to craft templates that bypass digest verification and potenti...

7.8CVSS7.7AI score0.01118EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/06/17 2:24 p.m.4 views

USN-6838-1 ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2024-27281 It was discovered that the Ruby regex...

6.6CVSS6.8AI score0.01571EPSS
Exploits0References3
Veracode
Veracode
added 2024/06/17 6:56 a.m.17 views

Infinite Loop

LibYAML is vulnerable to an Infinite loop. The vulnerability is due to improper handling of buffer states during YAML parsing. An attackers can exploit this by crafting a specific input to the YAML parser which potentially leads to a Denial-of-Service DoS condition...

6.9AI score
Exploits0References2Affected Software1
Fedora
Fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: snakeyaml-1.33-3.fc40

SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2024/02/12 10:26 a.m.6 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2023/12/07 1:41 p.m.5 views

dev-java/snakeyaml: DoS via stack overflow

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

6.5CVSS6.8AI score0.01476EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/11/14 3:32 p.m.5 views

go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...

7.5CVSS7.3AI score0.017EPSS
Exploits0References8
Veracode
Veracode
added 2023/08/02 3:27 a.m.18 views

Code Injection

boofcv-io is vulnerable to Code Injection. The vulnerability exists because the createYmlObject function of CalibrationIO.java does not properly set the code point limit for the yaml parser, which allows an attacker to inject and execute malicious code by loading a maliciously crafted camera...

9.8CVSS7.3AI score0.00747EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.4 views

dev-java/snakeyaml: DoS via stack overflow

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

6.5CVSS6.8AI score0.01476EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/05/10 11:59 a.m.6 views

dev-java/snakeyaml: DoS via stack overflow

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

6.5CVSS6.8AI score0.01476EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.5 views

snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

6.5CVSS6.8AI score0.01642EPSS
Exploits0References4
NVD
NVD
added 2023/03/20 1:15 p.m.41 views

CVE-2023-28118

kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and...

7.5CVSS7.6AI score0.00974EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.2 views

go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...

7.5CVSS7.3AI score0.017EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2023/03/10 10:18 a.m.80 views

USN-5944-1: SnakeYAML vulnerabilities

It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...

7.5CVSS6.7AI score0.02191EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.7 views

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

7.5CVSS6.8AI score0.02191EPSS
Exploits2References5
Rows per page
Query Builder