4 matches found
RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. - SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 - jenkins: Observable timing discrepancy allows...
RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...
Security Bulletin: IBM Match 360 is vulnerable to SnakeYaml's Constructor() class that not restrict types which can be instantiated during deserialization (CVE-2022-1471)
Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict...
CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...