979 matches found
CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
DEBIAN-CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
UBUNTU-CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
Deserialization of untrusted data
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2022-1471 Remote Code execution in SnakeYAML
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2022-1471 Remote Code execution in SnakeYAML
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. ...
CVE-2022-1471
CVE-2022-1471 is caused by SnakeYAML deserialization allowing remote code execution. At Atlassian Data Center/Server products (e.g., Jira Core/Jira Software/Data Center and Server, Confluence Data Center/Server, Bitbucket Data Center/Server) multiple versions were affected due to the SnakeYAML un...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
CVE-2022-37598
A prototype pollution vulnerability was found in UglifyJS, stemming from the DEFNODE function in ast.js via the name variable. Exploiting this flaw involves adding or altering properties of the Object.prototype through a "proto" or constructor payload, enabling an attacker to execute arbitrary co...
OwnableTwoStep delay not set
Lines of code Vulnerability details Impact Contract TokenRescuer inherits the contract OwnableTwoSteps but does not set any delay. There should be a constructor in TokenRescuer responsible for setting the delay as described in the comments of the OwnableTwoSteps contract. Without any delay,...
Wrong marketplace address in SeaportProxy.sol
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The marketplace variable in SeaportProxy was initialized in the constructor, however since SeaportProxy will only be used in a delegatecall, such initialization in the constructor will be useless as it...
Governor ownership can be lost because of not sanity check
Lines of code Vulnerability details Governor ownership can be lost because of no checks Impact Sanity checks are important to not affect reputation / flows and users of the protocol when a mistake is done. 0 address should be checked for important address assignments in this case, only done in th...
CVE-2022-41259
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...
CVE-2022-41259
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...
Code injection
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...
SAP SQL Anywhere 安全漏洞
SAP SQL Anywhere is an SAP-specific relational database management system from SAP, Germany. A security vulnerability in SAP SQL Anywhere version 17.0 exists because it allows an authenticated attacker to prevent legitimate users from accessing the SQL Anywhere database server by crashing the...
CVE-2022-41259
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...
PT-2022-6134 · Sap · Sap Sql Anywhere
Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 Description: The issue is related to the lack of protection for the SQL query structure in SAP SQL Anywhere. An authenticated attacker can exploit this by crashing the server with specially crafted queries that u...
Prototype Pollution
unset-value is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the module.exports function in index.js and modify attributes such as proto, constructor, and prototype base objects...