17 matches found
EUVD-2020-0160
Malware in sbrugna...
SWIFT Security Vulnerability
SWIFT is an open-source framework from ModelScope for fine-tuning and deploying large models and multimodal large models. A security vulnerability exists in SWIFT version 3.3.0, which stems from unsafe deserialization through yaml.load in the PyYAML library and could lead to arbitrary code execution...
Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2021:2583)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2583 advisory. - A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YA...
Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2021-2583)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2583 advisory. - Rebase to version 5.4.1 to fix CVE-2020-14343 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
GHSA-6757-JP84-GXFX Improper Input Validation in PyYAML
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CVE-2020-14343
Summary (fact-grounded): CVE-2020-14343 is a PyYAML-related RCE vulnerability affecting PyYAML versions before 5.4, triggered when untrusted YAML data is processed with full_load or FullLoader, via the python/object/new constructor. Several connected sources corroborate the issue and its connecti...
CVE-2020-14343
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw...
The vulnerability of the full_load method and the FullLoader loader from the PyYAML library allows an attacker to execute arbitrary code.
The vulnerability of the full_load method and the FullLoader loader from the PyYAML library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2019-20477
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. ...
MGASA-2020-0155 Updated python-yaml packages fix security vulnerability
Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to...
Updated python-yaml packages fix security vulnerability
Updated python-yaml packages fix security vulnerability: A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to...
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
CVE-2020-1747
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. ...
DEBIAN-CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib
Vulnerabilities discovered by Cory Duplantis of Talos. Talos is disclosing the presence of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities by supplying malicious YAML...