29 matches found
MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-6.el8 (AXSA:2021-1339:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1339:01 advisory. snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) Tenable has extracted the preceding description block directly from the MiracleLinux securi...
Ubuntu: Security Advisory (USN-7368-1)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2017-18640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) Note that Nessus...
CVE-2017-18640 affecting package snakeyaml 1.25-2
CVE-2017-18640 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...
Rocky Linux 8 : prometheus-jmx-exporter (RLSA-2020:4807)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2020:4807 advisory. - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) Note that Nessus h...
GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-28 (snakeyaml: Multiple Vulnerabilities) - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) - Using snakeYAML to parse untrusted YAML...
Security Bulletin: Vulnerabilities in SnakeYAML used by Logstash affects IBM Operations Analytics - Log Analysis (CVE-2022-25857, CVE-2017-18640)
Summary: Multiple vulnerabilities in SnakeYAML affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are in the Vulnerability Details section. Vulnerability Details: CVEID: CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyaml is vulnerable to a denial of...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to SnakeYAML (CVE-2017-18640)
Summary: MyFG 2.0 of IBM Sterling B2B Integrator uses SnakeYAML. There is a denial of service vulnerability in SnakeYAML which has been addressed. Vulnerability Details: CVEID: CVE-2017-18640 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by an entity expansion in Alias feature...
AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2020:4807)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:4807 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) Note that Nessus has not...
openSUSE 15 Security Update : snakeyaml (openSUSE-SU-2021:1876-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1876-1 advisory. - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. (CVE-2017-18640) Note that...
openSUSE: Security Advisory for snakeyaml (openSUSE-SU-2021:1876-1)
The remote host is missing an update for the...
OPENSUSE-SU-2021:1876-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088)...
SUSE-SU-2021:1978-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088)...
openSUSE Security Update : snakeyaml (openSUSE-2021-855)
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088) This update was imported from the SUSE:SLE-15-SP2:Update update project...
SUSE: Security Advisory (SUSE-SU-2021:1876-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for snakeyaml (openSUSE-SU-2021:0855-1)
The remote host is missing an update for the...
OPENSUSE-SU-2021:0855-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc#1159488, bsc#1186088) This update was imported from the SUSE:SLE-15-SP2:Update update project...
CentOS 8 : prometheus-jmx-exporter (CESA-2020:4807)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:4807 advisory. - snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640) Note that Nessus has not tested for this issue but has instead relied only on the...
prometheus-jmx-exporter security update
0.12.0-6 - Fix CVE-2017-18640 by using updated snakeyaml...
Moderate: Red Hat Security Advisory: prometheus-jmx-exporter security update
An update for prometheus-jmx-exporter is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...