5 matches found
EUVD-2013-0035
Malware in sbrugna...
PYSEC-2021-142
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
Debian DLA-2368-1 : grunt security update
It was discovered that there was an arbitrary code execution vulnerability in grunt, a JavaScript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 'Stretch', this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt...
USN-3553-1 ruby2.3 vulnerabilities
It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. (CVE-2017-0901) It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...
CVE-2013-4957
The CVE affects Puppet Enterprise prior to 3.0.1, where the dashboard report handling allows an attacker to execute arbitrary YAML code through a crafted report-specific type. The root cause is processing of the report-specific type in the dashboard/report generation flow, enabling code execution...