18 matches found
[SECURITY] [DLA 4578-1] rails security update
Debian LTS Advisory DLA-4578-1 https://www.debian.org/lts/security/ Sylvain Beucler May 11, 2026 https://wiki.debian.org/LTS -...
Debian dla-4578 : rails - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. Debian LTS Advisory DLA-4578-1 https://www.debian.org/lts/security/...
Astra Linux – Vulnerability in Rails
There is a potential escalation to an RCE vulnerability when using YAML serialized columns in Active Record versions 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1. This could allow an attacker, who can manipulate data in the database through methods like SQL injection, to escalate the attack to an RCE...
[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.39-1.fc42
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...
[SECURITY] Fedora 43 Update: perl-YAML-Syck-1.39-1.fc43
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...
[SECURITY] Fedora 44 Update: perl-YAML-Syck-1.39-1.fc44
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...
[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42
This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...
EUVD-2023-0042
Malicious code in bioql PyPI...
YAML-LibYAML: Shell injection
Background: YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description: YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact: Shell injection may be used to execute arbitrary code using a malicious filename...
Linux Distros Unpatched Vulnerability : CVE-2022-32224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an...
CVE-2023-46302
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
Design/Logic Flaw
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...
SQL injection
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...