yaml project yaml vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-6285
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.6.2
4.3
CVSSv2
CVE-2018-20573
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.6.2
4.3
CVSSv2
CVE-2018-20574
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.6.2
5
CVSSv2
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Yaml Project Yaml 3.0.0
Netapp Astra Trident -
2 Github repositories
4.6
CVSSv2
CVE-2019-3575
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.
Sqla Yaml Fixtures Project Sqla Yaml Fixtures 0.9.1
7.5
CVSSv2
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy prior to 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because l...
Mlalchemy Project Mlalchemy 0.1.1
Mlalchemy Project Mlalchemy 0.1.2
Mlalchemy Project Mlalchemy 0.1.3
Mlalchemy Project Mlalchemy 0.2.0
Mlalchemy Project Mlalchemy 0.2.1
7.5
CVSSv2
CVE-2017-16618
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin prior to 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where saf...
Owlmixin Project Owlmixin
Owlmixin Project Owlmixin 2.0.0
7.5
CVSSv2
CVE-2017-16616
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI prior to 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been use...
Pyanyapi Project Pyanyapi
7.5
CVSSv2
CVE-2017-16763
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in...
Confire Project Confire 0.2.0
NA
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes without limit, making it vulnerable to the Billion Laughs attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Remarshal Project Remarshal