Lucene search
K

31 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:46 a.m.47 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

7.5CVSS8.8AI score0.19653EPSS
Exploits4Affected Software1
CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.28 views

CVE-2022-38751 affecting package snakeyaml 1.25-2

CVE-2022-38751 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...

6.5CVSS9.3AI score0.01507EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 5:29 a.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.47 views

Amazon Linux 2 : snakeyaml (ALAS-2024-2403)

The version of snakeyaml installed on the remote host is prior to 1.11-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2403 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is runnin...

6.5CVSS6.9AI score0.01507EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.62 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.8AI score0.19653EPSS
Exploits15References18
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.56 views

GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 - Using snakeYAML to parse untrusted YAML...

9.3CVSS6.9AI score0.26723EPSS
Exploits2References8
OSV
OSV
added 2023/05/05 3:39 p.m.17 views

RLSA-2023:2097 Important: Satellite 6.13 Release

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: CVE-2022-1471 CVE-2022-25857 CVE-2022-38749...

9.8CVSS8.6AI score0.99931EPSS
Exploits63References263
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 9:29 a.m.36 views

Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749)

Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a...

6.5CVSS7.1AI score0.02091EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2023/03/13 12:0 a.m.39 views

Ubuntu: Security Advisory (USN-5944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.02191EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2023/03/10 10:18 a.m.80 views

USN-5944-1: SnakeYAML vulnerabilities

It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...

7.5CVSS6.7AI score0.02191EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/10 12:0 a.m.51 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SnakeYAML vulnerabilities (USN-5944-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5944-1 advisory. It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a...

7.5CVSS6.8AI score0.02191EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.39 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.8AI score0.99615EPSS
Exploits41References32
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 6:50 p.m.70 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to SnakeYAML

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from SnakeYAML. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

7.5CVSS7.2AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:56 p.m.35 views

Security Bulletin: Vulnerability in SnakeYAML affects IBM Process Mining . CVE-2022-38751

Summary There is a vulnerability in SnakeYAML that could allow a Denial Of Service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denia...

6.5CVSS7.2AI score0.02091EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:35 a.m.71 views

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service attacks due to snakeYAML

Summary SnakeYAML is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service attacks. CVE-2022-25857, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749, CVE-2022-38750 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package...

7.5CVSS6.7AI score0.02191EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/11 6:41 p.m.41 views

Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitatio...

9.8CVSS9.7AI score0.99615EPSS
Exploits30Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 9:20 a.m.50 views

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in SnakeYAML (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 & CVE-2022-38752)

Summary A denial of service issue was identified within SnakeYAML that is used by Fabric Gateway. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. Vulnerability Details...

6.5CVSS6.6AI score0.02091EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 9:50 a.m.59 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process YAML data may be vulnerable to denial of service due to CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.5CVSS6.7AI score0.02091EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/17 1:40 p.m.52 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

8.8CVSS6.7AI score0.02191EPSS
Exploits5References11
Tenable Nessus
Tenable Nessus
added 2022/11/16 12:0 a.m.48 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...

9.8CVSS8AI score0.42646EPSS
Exploits3References26
Rows per page
Query Builder