Astra Linux - уязвимость в pyyaml

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions due to a class deserialization issue. For example, Popen is a class in the subprocess module. NOTE: This issue exists because of an incomplete fix for CVE-2017-18342...

CVE-2026-24009

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

openSUSE Security Advisory (SUSE-SU-2024:1639-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

Mageia: Security Advisory (MGASA-2020-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0125)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2021-0119)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2021-0119 Updated python-yaml packages fix security vulnerability

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...

Code Injection in ewels/multiqc

Description MultiQC Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...

MGASA-2020-0155 Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to...

DEBIAN-CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

MGASA-2019-0125 Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

Updated python-yaml packages fix security vulnerability

It was found that using yaml.load API on untrusted input could lead to arbitrary code execution CVE-2017-18342...

FastIR Collector - Windows Incident Response Tool

This tool collects different artefacts on live Windows and records the results in csv files. With the analyses of this artefacts, an early compromission can be detected. Requirements pywin32 python WMI python psutil python yaml construct distorm3 hexdump pytz Execution ./fastIRx64.py -h for help...

Debian DLA-127-1 : pyyaml security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. NOTE: Tenabl...

MGASA-2015-0004 Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using...

Updated python-yaml packages fix security vulnerability

Updated python-yaml packages fix security vulnerability: Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using...

[SECURITY] [DLA 127-1] pyyaml security update

Package : pyyaml Version : 3.09-5+deb6u1 CVE ID : CVE-2014-9130 Debian Bug : 772815 Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into...