Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-38752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker m...

6.5CVSS6.9AI score0.02091EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.161 views

CVE-2022-38752 affecting package snakeyaml 1.25-2

CVE-2022-38752 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...

6.5CVSS9AI score0.02091EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 5:45 p.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)

Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...

6.5CVSS7.2AI score0.02091EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/06 12:0 a.m.40 views

Amazon Linux 2 : snakeyaml (ALAS-2024-2450)

The version of snakeyaml installed on the remote host is prior to 1.11-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2450 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user...

6.5CVSS7.3AI score0.02091EPSS
Exploits0References4
Amazon
Amazon
added 2024/02/05 12:0 a.m.37 views

Low: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CVE-2022-38752 Affected Packages: snakeyaml Note: Th...

6.5CVSS7.5AI score0.02091EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:4 p.m.40 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

9.8CVSS9.6AI score0.99615EPSS
Exploits11Affected Software1
Amazon
Amazon
added 2023/10/03 12:0 a.m.5 views

Medium: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CVE-2022-38752 Those using Snakeyaml to parse...

6.5CVSS7AI score0.02091EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.62 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.8AI score0.19653EPSS
Exploits16References18
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.56 views

GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 - Using snakeYAML to parse untrusted YAML...

9.3CVSS6.9AI score0.26723EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.45 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.02091EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/10 11:25 a.m.84 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 7

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.02091EPSS
Exploits2References8
OSV
OSV
added 2023/05/05 3:39 p.m.17 views

RLSA-2023:2097 Important: Satellite 6.13 Release

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: CVE-2022-1471 CVE-2022-25857 CVE-2022-38749...

9.8CVSS8.6AI score0.99931EPSS
Exploits63References263
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 3:33 p.m.79 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.1 Vulnerability Details CVEID:CVE-2023-0767 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS10AI score0.8377EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 9:29 a.m.36 views

Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749)

Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a...

6.5CVSS7.1AI score0.02091EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.43 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8AI score0.99615EPSS
Exploits10References44
RedHat Linux
RedHat Linux
added 2023/03/29 11:45 a.m.42 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.2AI score0.99615EPSS
Exploits10References33
RedHat Linux
RedHat Linux
added 2023/03/29 11:44 a.m.90 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.2AI score0.99615EPSS
Exploits10References33
RedHat Linux
RedHat Linux
added 2023/03/29 11:44 a.m.47 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.2AI score0.99615EPSS
Exploits10References33
RedHat Linux
RedHat Linux
added 2023/03/29 11:43 a.m.64 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.2AI score0.99615EPSS
Exploits10References33
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 6:50 p.m.70 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to SnakeYAML

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from SnakeYAML. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

7.5CVSS7.2AI score0.02191EPSS
Exploits3Affected Software1
Rows per page
Query Builder