41 matches found
Fedora 41 : perl-YAML-Syck (2025-568b5b6ddc)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-568b5b6ddc advisory. This update addresses a flaw in which processing a specially-crafted YAML document could lead to accessing information outside of the document itself and hen...
EUVD-2023-2362
Malicious code in bioql PyPI...
EUVD-2024-36559
Malicious code in bioql PyPI...
EUVD-2022-7537
Malicious code in bioql PyPI...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
BIT-ELK-2024-37285 Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...
Elastic Kibana 代码问题漏洞
Elastic Kibana is an available data visualization dashboard software from Elastic. A code issue vulnerability exists in Elastic Kibana that stems from a deserialization issue that can be triggered by Kibana when it attempts to parse a YAML document that contains a carefully crafted payload. An...
Kibana < 8.15.1 (ESA-2024-27)
The version of Kibana installed on the remote host is prior to 8.15.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-27 advisory. - A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a craft...
BIT-KIBANA-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
BIT-ELK-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html and...
Esoteric YamlBeans XML Entity Expansion vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
Esoteric YamlBeans Unsafe Deserialization vulnerability
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24620
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size,...
CVE-2022-3064
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...