11 matches found
EUVD-2023-0249
Malicious code in bioql PyPI...
EUVD-2022-4613
Malicious code in bioql PyPI...
EUVD-2023-56110
Malicious code in bioql PyPI...
CVE-2023-51389
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2024-39780 Use of unsafe yaml load in dynparam
A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...
CVE-2024-39780
Summary (CVE-2024-39780) : A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...
CVE-2023-51389 HertzBeat SnakeYAML Deser RCE
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51389
CVE-2023-51389 affects Hertzbeat, a real-time monitoring system. The vulnerability resides at the /define/yml interface, where SnakeYAML is used to parse YAML without a security configuration, enabling YAML deserialization. Affects versions prior to 1.4.1; version 1.4.1 fixes the issue. The issue...
CVE-2022-47986 IBM Aspera Faspex code execution
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
Amazon Linux AMI : ruby24 / ruby22,ruby23 (ALAS-2018-978)
Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code ...
Medium: ruby24, ruby22, ruby23
Issue Overview: Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute...