MGASA-2025-0275 Updated perl-YAML-LibYAML packages fix security vulnerability

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...

EUVD-2020-0633

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-2525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a...

Linux Distros Unpatched Vulnerability : CVE-2013-6393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service...

Ubuntu 22.04 LTS / 24.04 LTS : YAML-LibYAML vulnerability (USN-7632-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7632-1 advisory. It was discovered that YAML-LibYAML incorrectly handled certain file names. An attacker could possibly use this issue to overwrite arbitrary files...

AlmaLinux 9 : perl-YAML-LibYAML (ALSA-2025:9330)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:9330 advisory. yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

yaml-libyaml: LibYAML Perl File Modification Vulnerability

A flaw was found in yaml-libyaml. The component uses a two-argument open function when parsing YAML files, which allows an attacker to modify existing files on the system. This flaw allows a local attacker to provide a crafted YAML file as input. This issue can result in unauthorized modification...

Security Bulletin: IBM Watson Speech Services Cartridge v5.1.2 is vulnerable to a Base OS issue in LibYAML (CVE-2024-35325)

Summary IBM Watson Speech Services Cartridge v5.1.2 is vulnerable to a Base OS issue in LibYAML , caused by a double-free in the function yamleventdelete of the file /src/libyaml/src/api.c CVE-2024-35325. We have updated the base image used by our Speech Services and the following vulnerability h...

CVE-2024-35328

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2024-35328

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2024-35326

CVE-2024-35326 is rejected/not used; this entry does not represent an active vulnerability.

CVE-2024-35329

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2024-35329

...

CVE-2024-35329

Removed by vendor...

@hytong-yarn/cli (=1.4.0), @yym-yarn/cli (=1.0.0) +10 more potentially affected by CVE-2013-6393 via libyaml (>=0.0.2 <=0.2.2)

libyaml NPM version =0.0.2, =0.3.0, =1.0.24, =2.0.8, =0.0.1, =0.1.2, =0.0.10, =0.0.4, =0.0.5 Source cves: CVE-2013-6393 Source advisory: OSV:GHSA-M75H-CGHQ-C8H5...

GHSA-M75H-CGHQ-C8H5 Heap Based Buffer Overflow in libyaml

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags. Recommendation - Update to version 0.2.3 that includes a version of...

USN-2461-1: LibYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

ALPINE-CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...

Ubuntu 12.04 LTS / 12.10 / 13.10 : libyaml vulnerability (USN-2160-1)

Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description...