Lucene search

4 matches found

GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 30 views

Improper Input Validation

The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet...

CVSS 6.8 | AI score 8 | EPSS 0.02174
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2020/07/29 3:33 p.m. | 2 views

Arbitrary Code Execution

Overview: jingo is a git based wiki engine written for node.js, with a decent design, a search capability and a good typography. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function yaml.load of the package js-yaml instead of its...

CVSS 8.3 | AI score 7
Exploits: 0 | References: 2
Prion
added 2018/06/19 5:29 a.m. | 18 views

Remote code execution

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...

CVSS 6.5 | AI score 9 | EPSS 0.02471
Exploits: 0 | References: 2 | Affected Software: 2
Tenable Nessus
added 2017/08/24 12:0 a.m. | 30 views

Fedora 25 : python-tablib (2017-fe04b06b64)

Latest upstream, including the yaml.safe_load fix for CVE-2017-2810. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 9.8 | AI score 8 | EPSS 0.0487
Exploits: 2 | References: 2