SUSE CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...
Improper Input Validation
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...
Arbitrary Code Execution
Overview jingo is a git based wiki engine written for node.js, with a decent design, a search capability and a good typography. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function yaml.load of the package js-yaml instead of its...
PYSEC-2020-341
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
DEBIAN-CVE-2019-20478
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases...
PT-2020-10463 (ruamel.yaml)
Name of the Vulnerable Software and Affected Versions: ruamel.yaml versions prior to 0.16.8 Description: The issue allows remote code execution when the load method is called with an untrusted argument, affecting developers who do not use safe methods like safe_load. Recommendations: For versions...
PT-2018-3945 (PyYAML)
Name of the Vulnerable Software and Affected Versions: PyYAML versions prior to 5.1 Description: The issue is related to the yaml.load API, which could execute arbitrary code if used with untrusted data. This could allow a remote attacker to access confidential data, compromise its integrity, and...
Remote code execution
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
Fedora 25 : python-tablib (2017-fe04b06b64)
Latest upstream, including the yaml.safe_load fix for CVE-2017-2810.
UBUNTU-CVE-2017-2292
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...
DEBIAN-CVE-2017-2292
Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a...