60 matches found
Astra Linux – Vulnerability in pyyaml
In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...
CVE-2025-62348
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
EUVD-2021-0209
Malware in sbrugna...
EUVD-2020-2744
Malware in sbrugna...
EUVD-2023-27070
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...
Exploit for CVE-2025-50460
CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
PT-2024-29898 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 3385. Description: The issue arises from the user-controlled role parameter entering the application in the Kubernetes::RoleVerificationsController. This parameter flows into the RoleConfigFile initializer and then...
RHEL 6 : pyyaml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Embedchain Security Breach
Embedchain is an open source RAG framework from Embedchain Open Source. A security vulnerability exists in Embedchain versions prior to 0.1.57. An attacker can exploit this vulnerability to execute arbitrary code related to the parameters of the openapi.py yaml.load function...
The vulnerability of the yaml.load() component in the YAML parsing library for Python, PyYAML, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the yaml.load component in the YAML parsing library for Python, PyYAML, is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
Fedora 37 : bottles / python-vkbasalt-cli (2023-328397d034)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-328397d034 advisory. Update bottles to 51.6 and release final dependency vkbasalt-cli. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2023-22970
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...
Remote code execution
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...
The vulnerability of the YAML.load() function in the YAML syntax analyzer library for the Foreman server management, configuration, and monitoring application, as well as for the Red Hat Satellite system management tool, allows a malicious actor to execute arbitrary code.
The vulnerability of the YAML.load function in the YAML syntax analyzer library for the Foreman server management, configuration, and monitoring application, as well as for the Red Hat Satellite system management tool, is related to improper code generation. Exploiting this vulnerability allows a...
SUSE CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...