31 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in pyyaml

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

9.8 CVSS | 7.1 AI score | 0.00416 EPSS
Exploits 2 | References 1

ATTACKERKB
added 2026/03/14 9:1 a.m. | 2 views

CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4 AI score | 0.00486 EPSS
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-0454

Malware in sbrugna...

5 CVSS | 5.8 AI score | 0.02055 EPSS
Exploits 0 | References 54

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-3676

Malicious code in bioql PyPI...

7.5 CVSS | 6.3 AI score | 0.00486 EPSS
Exploits 0 | References 9

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-8632

Malicious code in bioql PyPI...

9.6 CVSS | 9.2 AI score | 0.01295 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-29614

Malicious code in bioql PyPI...

8.2 CVSS | 7.1 AI score | 0.08237 EPSS
Exploits 0 | References 2

VulnCheck KEV
added 2024/07/16 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2 CVSS | 6 AI score | 0.00291 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 44 views

Oracle Linux 8 : python38:3.8 (ELSA-2020-4641)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4641 advisory. - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote...

10 CVSS | 8.4 AI score | 0.04807 EPSS
Exploits 3 | References 6

OSV
added 2022/04/22 8:39 p.m. | 19 views

GHSA-4PM3-F52J-8GGH Improper Input Validation in GeoServer

Impact The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota...

7.2 CVSS | 7.3 AI score | 0.00291 EPSS
Exploits 0 | References 4

Cvelist
added 2022/04/14 9:20 p.m. | 13 views

CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache

GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...

9.1 CVSS | 9.4 AI score | 0.00932 EPSS
Exploits 0 | References 1

CNNVD
added 2022/04/14 12:0 a.m. | 1 views

GeoWebCache code issue vulnerability

GeoWebCache is a Java Web application used to cache map slices from various sources, such as the OGC Web Map Service WMS. A code issue vulnerability exists in GeoWebCache that stems from a disk quota mechanism that can perform unchecked JNDI lookups, which in turn can be used to perform class...

9.1 CVSS | 7.6 AI score | 0.00932 EPSS
Exploits 0 | References 2

NVD
added 2022/04/13 10:15 p.m. | 7 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2 CVSS | 0.00291 EPSS
Exploits 0 | References 1

Prion
added 2022/04/13 10:15 p.m. | 26 views

Deserialization of untrusted data

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

6.5 CVSS | 7.2 AI score | 0.00291 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/04/13 9:20 p.m. | 13 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2 CVSS | 7.3 AI score | 0.00291 EPSS
Exploits 0 | References 3

NVD
added 2022/04/13 9:15 p.m. | 12 views

CVE-2022-24818

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2 CVSS | 0.08237 EPSS
Exploits 0 | References 2

Cvelist
added 2022/04/13 8:55 p.m. | 14 views

CVE-2022-24818 Unchecked JNDI lookups in GeoTools

GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case,...

8.2 CVSS | 8.6 AI score | 0.08237 EPSS
Exploits 0 | References 2

Veracode
added 2021/12/06 4:57 a.m. | 16 views

Remote Code Execution (RCE)

ajaxnetprofessional is vulnerable to remote code execution. A remote attacker is able to gain code execution capability via exploiting the possibility of arbitrary .NET class deserialization...

9.8 CVSS | 5.7 AI score | 0.87776 EPSS
Exploits 2 | References 2 | Affected Software 1

OpenVAS
added 2021/07/07 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2165)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 9.3 AI score | 0.04807 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2021/07/06 12:0 a.m. | 63 views

EulerOS Virtualization 3.0.2.2 : PyYAML (EulerOS-SA-2021-2165)

According to the versions of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the implementation of the Short Message Service SMS handling functionality of Cisco IOS Software and Cisco IOS ...

9.8 CVSS | 7 AI score | 0.04807 EPSS
Exploits 2 | References 3

OSV
added 2021/04/20 4:40 p.m. | 36 views

GHSA-3PQX-4FQF-J49F Deserialization of Untrusted Data in PyYAML

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

9.8 CVSS | 9.8 AI score | 0.00416 EPSS
Exploits 2 | References 8