473 matches found
Astra Linux - vulnerability in pyyaml
A vulnerability was discovered in the PyYAML library in versions prior to 5.4. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the full_load method or the FullLoader loader. Applications that use this library to process untrust...
NewStart CGSL MAIN 6.06 (SP) : PyYAML Vulnerability (NS-SA-2026-0019)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has PyYAML packages installed that are affected by a vulnerability: - scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service asserti...
Hackviser
Hackviser — Scenario Writeups A collection of detailed writeu...
docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
Impact: A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core >=2.21.0, <2.48.4 and, specifically only if the application uses pyyaml < 5.4 and invokes docling_core.types.doc.DoclingDocument.load_from_yaml passing it untrusted YAML data. Patches: The...
GHSA-VQXF-V2GG-X3HC docling-core vulnerable to Remote Code Execution via unsafe PyYAML usage
Impact: A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core >=2.21.0, <2.48.4 and, specifically only if the application uses pyyaml < 5.4 and invokes docling_core.types.doc.DoclingDocument.load_from_yaml passing it untrusted YAML data. Patches: The...
Deserialization of Untrusted Data
Overview: docling-core is a Python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load_from_yaml function. An attacker can execute arbitrary code by providing malicious YAML input to the...
CVE-2026-24009
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...
CVE-2026-24009
CVE-2026-24009: Docling Core contains a PyYAML deserialization flaw enabling RCE in versions 2.21.0–2.48.3 when untrusted YAML is loaded via docling_core.types.doc.DoclingDocument.load_from_yaml() with PyYAML = 5.4. Severity data indicate high risk (CVSSv3.1: HIGH/CRITICAL depending on metric; ne...
CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...
EUVD-2026-3807
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...
MiracleLinux 8 : python38:3.8 (AXSA:2021-2388:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2388:01 advisory. PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343). Modularity name: python38. Stream name: 3.8. Tenable has extracted the preceding description block...
MiracleLinux 8 : python38:3.8 (AXSA:2021-1517:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1517:01 advisory. PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477); python: infinite loop in the tarfile module via craft...
EUVD-2020-0160
Malware in sbrugna...
EUVD-2018-0128
Malware in sbrugna...
EUVD-2020-0159
Malware in sbrugna...
EUVD-2025-23369
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : PyYAML Vulnerability (NS-SA-2025-0215)
The remote NewStart CGSL host, running version MAIN 6.06, has PyYAML packages installed that are affected by a vulnerability: - scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service assertion...
[Important] [Security] Vulnerability Fixes in urllib3, PyYAML, and Pillow (CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271) for VzLinux 7.9
This update fixes the vulnerabilities in urllib3, PyYAML, and Pillow, which are registered as CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : git, git-lfs, obs-scm-bridge, python-PyYAML (SUSE-SU-2025:03012-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03012-1 advisory. git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: CVE-2025-276...
security update for git, git-lfs, obs-scm-bridge, python-PyYAML
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): Security issues fixed: CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938); CVE-2025-27614: Fixed arbitrary script...