Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yaml project yaml vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38752
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Snakeyaml Project Snakeyaml
2 Github repositories
NA
CVE-2022-38749
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
NA
CVE-2022-38750
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
NA
CVE-2022-38751
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
445
VMScore
CVE-2022-29215
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions before 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for th...
Regionprotect Project Regionprotect
446
VMScore
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
Yaml Project Yaml 3.0.0
Netapp Astra Trident -
2 Github repositories
801
VMScore
CVE-2021-43837
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions prior to 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the res...
Vault-cli Project Vault-cli
356
VMScore
CVE-2021-39194
kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This cou...
Kaml Project Kaml
578
VMScore
CVE-2021-39132
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted proj...
Pagerduty Rundeck
445
VMScore
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension prior to 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output.
Routes Project Routes
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »