Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-yaql (UTSA-2026-000170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000170 advisory. In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...

TencentOS Server 4: python-yaql (TSSA-2024:1088)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1088 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EUVD-2016-0028

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-4972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient...

Linux Distros Unpatched Vulnerability : CVE-2024-29156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) security update

An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

OESA-2024-1330 python-yaql security update

YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...

OESA-2024-1328 python-yaql security update

YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...

OESA-2024-1329 python-yaql security update

YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...

OESA-2024-1331 python-yaql security update

YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...

OESA-2024-1332 python-yaql security update

YAQL Yet Another Query Language is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YA...

CVE-2024-29156

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

python-muranoclient (>=0.5.8 <=0.6.0), slacktivate (>=0.2.1 <=0.2.26) +1 more potentially affected by CVE-2024-29156 via yaql (>=0.2.7 <=2.0.1)

yaql PYPI version =0.2.7, =0.5.8, =0.2.1, =0.2.26 - yglu =1.1.2 Source cves: CVE-2024-29156 Source advisory: OSV:GHSA-MVF6-HWXH-7V76...

Information leakage in YAQL

YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

GHSA-MVF6-HWXH-7V76 Information leakage in YAQL

YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...