
13 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-0035

Malware in sbrugna...

CVSS 7.5 | AI score 6.2 | EPSS 0.0057
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-4801

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00429
Exploits: 0 | References: 5
OSV
added 2021/12/09 6:35 p.m. | 20 views

GHSA-GGMR-44CV-24PM Code injection via unsafe YAML loading

Impact: Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to...

CVSS 7.8 | AI score 7.7 | EPSS 0.08717
Exploits: 0 | References: 6
PyPA
added 2021/02/09 9:15 p.m. | 4 views

PYSEC-2021-142

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

CVSS 10 | AI score 8.2 | EPSS 0.13704
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2020/09/10 12:0 a.m. | 24 views

Debian DLA-2368-1 : grunt security update

It was discovered that there was an arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt...

CVSS 7.1 | AI score 7.5 | EPSS 0.02419
Exploits: 1 | References: 4
OSV
added 2018/01/31 2:11 p.m. | 1 views

USN-3553-1 ruby2.3 vulnerabilities

It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. CVE-2017-0901 It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...

CVSS 9.8 | AI score 7.1 | EPSS 0.20215
Exploits: 4 | References: 4
NVD
added 2013/11/05 6:55 p.m. | 7 views

CVE-2013-4438

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

CVSS 7.5 | AI score 7.5 | EPSS 0.0057
Exploits: 0 | References: 2
OSV
added 2013/11/05 6:55 p.m. | 18 views

PYSEC-2013-13

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

CVSS 7.5 | AI score 7.4 | EPSS 0.0057
Exploits: 0 | References: 2
UbuntuCve
added 2013/11/05 6:55 p.m. | 16 views

CVE-2013-4438

Salt aka SaltStack before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe...

CVSS 7.5 | AI score 6 | EPSS 0.0057
Exploits: 0 | References: 4
Debian CVE
added 2013/11/05 6:0 p.m. | 18 views

CVE-2013-4438

Removed by vendor...

CVSS 7.5 | AI score 6.7 | EPSS 0.0057
Exploits: 0
UbuntuCve
added 2013/10/25 11:55 p.m. | 21 views

CVE-2013-4957

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type...

CVSS 6.8 | AI score 6 | EPSS 0.00429
Exploits: 0 | References: 5
CVE
added 2013/10/25 11:0 p.m. | 42 views

CVE-2013-4957

The CVE affects Puppet Enterprise prior to 3.0.1, where the dashboard report handling allows an attacker to execute arbitrary YAML code through a crafted report-specific type. The root cause is processing of the report-specific type in the dashboard/report generation flow, enabling code execution...

CVSS 6.8 | AI score 7.5 | EPSS 0.00429
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2013/10/25 11:0 p.m. | 14 views

CVE-2013-4957

The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type...

AI score 7.2 | EPSS 0.00429
Exploits: 0 | References: 4