Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.50 views

RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory. - SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 - jenkins: Observable timing discrepancy allows...

9.8CVSS7.1AI score0.99615EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.63 views

RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...

9.9CVSS7.1AI score0.99615EPSS
Exploits11References56
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 1:42 a.m.24 views

Security Bulletin: IBM Match 360 is vulnerable to SnakeYaml's Constructor() class that not restrict types which can be instantiated during deserialization (CVE-2022-1471)

Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict...

9.8CVSS9.5AI score0.99615EPSS
Exploits7Affected Software1
Debian CVE
Debian CVE
added 2022/12/01 10:47 a.m.218 views

CVE-2022-1471

SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...

9.8CVSS8.3AI score0.99615EPSS
Exploits7
Rows per page
Query Builder