Lucene search
K

10 matches found

Snyk
Snyk
added 2026/03/23 6:14 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded expansion of YAML aliases during the process. An attacker can exhaust system resources, causing CPU and memory consumption to spike, by providing crafted YAML input containing deeply nested or...

6.9CVSS5.9AI score0.00211EPSS
Exploits1References3
Snyk
Snyk
added 2025/08/14 12:5 a.m.2 views

Use of Uninitialized Resource

Overview github.com/helm/helm/pkg/repo is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malform...

7.1CVSS6.9AI score0.00311EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 5:29 a.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/12 5:45 p.m.28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to SnakeYAML (CVE-2022-38752)

Summary IBM Sterling Partner Engagement Manager uses SnakeYAML. Vulnerability Details CVEID:CVE-2022-38752 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...

6.5CVSS7.2AI score0.02091EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:38 p.m.42 views

Security Bulletin: IBM Spectrum Symphony snakeYAML various vulnerabilities

Summary IBM Spectrum Symphony snakeYAML various vulnerabilities Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker coul...

9.8CVSS9AI score0.99615EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 8:52 p.m.38 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in SnakeYAML

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of SnakeYAML. Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a...

9.8CVSS9.1AI score0.99615EPSS
Exploits11Affected Software1
NVD
NVD
added 2022/12/27 10:15 p.m.18 views

CVE-2022-3064

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...

7.5CVSS0.017EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2020/08/31 10:51 p.m.89 views

Heap Based Buffer Overflow in libyaml

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags. Recommendation - Update to version 0.2.3 that includes a version of...

6.8CVSS5.1AI score0.09312EPSS
Exploits0References25Affected Software1
RedHat Linux
RedHat Linux
added 2020/06/18 9:12 p.m.9 views

kubernetes: Denial of service in API server via crafted YAML payloads by authorized users

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS7.3AI score0.0236EPSS
Exploits0References5
OSV
OSV
added 2020/04/01 9:15 p.m.24 views

CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...

6.5CVSS6.5AI score
Exploits0References3
Rows per page
Query Builder