Lucene search
K

258 matches found

Prion
Prion
added 2018/08/06 3:29 p.m.16 views

Code injection

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...

7.5CVSS9.8AI score0.20482EPSS
Exploits7References3Affected Software1
NVD
NVD
added 2018/08/06 3:29 p.m.16 views

CVE-2017-6920

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...

9.8CVSS9.8AI score0.20482EPSS
Exploits7References3
OSV
OSV
added 2018/08/06 3:29 p.m.27 views

CVE-2017-6920

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...

9.8CVSS7.9AI score
Exploits0References3
CVE
CVE
added 2018/08/06 3:0 p.m.141 views

CVE-2017-6920

CVE-2017-6920 affects Drupal core 8.x before 8.3.4. Root cause: the PECL YAML parser does not safely handle PHP objects during certain operations, enabling remote code execution by an unauthenticated attacker. The provided documents do not specify exploitation vectors beyond this description, nor...

9.8CVSS9.7AI score0.20482EPSS
Exploits7References3Affected Software1
Cvelist
Cvelist
added 2018/08/06 3:0 p.m.21 views

CVE-2017-6920

Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...

9.8AI score0.20482EPSS
Exploits7References3
Veracode
Veracode
added 2017/11/10 11:51 p.m.10 views

Remote Code Execution (RCE)

confire is vulnerable to remote code execution attacks. The attacks can happen because the config.py file allows users to parse their configuration from the /.confire.yaml through the yaml.load function of the YAML parser, allowing attackers to inject and execute arbitrary python commands...

9.8CVSS9.8AI score0.04435EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2017/11/08 9:4 a.m.13 views

Arbitrary Code Execution

owlmixin is vulnerable to arbitrary code execution attacks. It does not use the safeload method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...

9.8CVSS9.5AI score0.04435EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2017/11/08 8:52 a.m.15 views

Arbitrary Code Execution

pyanyapi is vulnerable to arbitrary code execution attacks. It does not use the safeload method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...

9.8CVSS9.5AI score0.03589EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2017/11/08 8:38 a.m.15 views

Arbitrary Code Execution

mlalchemy is vulnerable to arbitrary code execution attacks. It does not use the safeload method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...

9.8CVSS9.5AI score0.03415EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2017/10/06 8:49 a.m.47 views

RubyGems: Remote code execution on rubygems.org

When parsing a gem POSTed to the /api/v1/gems endpoint, the rubygems.org application immediately calls Gem::Package.newbody.spec inside app/models/pusher.rb. The authors of the application correctly observed that parsing untrusted YAML is dangerous since it can serialize more or less arbitrary...

7.5CVSS9.3AI score0.15853EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/07/07 12:0 a.m.35 views

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (4fc2df49-6279-11e7-be0f-6cf0497db129)

Drupal Security Team Reports : CVE-2017-6920: PECL YAML parser unsafe object handling. CVE-2017-6921: File REST resource does not properly validate CVE-2017-6922: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users. %NASLMINLEVEL 70300 C Tenable...

9.8CVSS6.7AI score0.20482EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2017/06/27 12:0 a.m.333 views

Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.56 or 8.x prior to 8.3.4. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain...

9.8CVSS7.3AI score0.20482EPSS
Exploits7References6
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.22 views

PECL YAML parser unsafe object handling

More info at https://www.drupal.org/SA-CORE-2017-003...

9.8CVSS7.2AI score0.20482EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.23 views

PECL YAML parser unsafe object handling

More info at https://www.drupal.org/SA-CORE-2017-003...

9.8CVSS7.2AI score0.20482EPSS
Exploits7Affected Software1
CNVD
CNVD
added 2017/04/05 12:0 a.m.7 views

yaml-cpp denial of service vulnerability

yaml-cpp also known as LibYaml-C ++ is a YAML parser. A denial of service vulnerability in the SingleDocParser :: HandleNode function in yaml-cpp version 0.5.3 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...

5.5CVSS5.4AI score0.02034EPSS
Exploits1References1
Fedora
Fedora
added 2015/04/21 6:36 p.m.22 views

[SECURITY] Fedora 22 Update: PyYAML-3.11-7.fc22

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

5CVSS1.7AI score0.13195EPSS
Exploits1
Fedora
Fedora
added 2015/04/05 2:33 p.m.27 views

[SECURITY] Fedora 21 Update: PyYAML-3.11-7.fc21

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

5CVSS1.7AI score0.13195EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.31 views

Debian DLA-127-1 : pyyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. NOTE: Tenabl...

5CVSS8.3AI score0.13195EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/02/23 12:55 p.m.29 views

Moderate: Red Hat Security Advisory: libyaml security update

Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...

5CVSS7.2AI score0.13195EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2015/01/12 10:12 p.m.48 views

USN-2461-3: PyYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

5CVSS8.3AI score0.13195EPSS
Exploits1
Rows per page
Query Builder