Astra Linux - vulnerability in pyyaml
In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...
CVE-2025-62348
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...
EUVD-2020-2744
Malware in sbrugna...
EUVD-2021-0209
Malware in sbrugna...
EUVD-2023-27070
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...
Exploit for CVE-2025-50460
CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
PT-2024-29898 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 3385. Description: The issue arises from the user-controlled role parameter entering the application in the Kubernetes::RoleVerificationsController. This parameter flows into the RoleConfigFile initializer and then...
RHEL 6 : pyyaml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Embedchain Security Breach
Embedchain is an open source RAG framework from Embedchain Open Source. A security vulnerability exists in Embedchain versions prior to 0.1.57. An attacker can exploit this vulnerability to execute arbitrary code related to the parameters of the openapi.py yaml.load function...
Fedora 37 : bottles / python-vkbasalt-cli (2023-328397d034)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-328397d034 advisory. Update bottles to 51.6 and release final dependency vkbasalt-cli. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2023-22970
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...
Remote code execution
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...
SUSE CVE-2011-4953
The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...
SUSE CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
Deserialization Of Untrusted Data
opensearch-ruby is vulnerable to deserialization of untrusted data. The vulnerability exists due to the unsafe deserialization of response.body data in YAML.load functionality in the verifyopensearch function of pensearch.rb...