yaml project yaml vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-2809
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault prior to 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
Ansible-vault Project Ansible-vault
7.5
CVSSv3
CVE-2017-11692
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and previous versions allows remote malicious users to cause a denial of service (assertion failure and application exit) via a '!2' string.
Yaml-cpp Project Yaml-cpp
5.5
CVSSv3
CVE-2017-5950
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Yaml-cpp Project Yaml-cpp 0.5.3
NA
CVE-2013-4660
The JS-YAML module prior to 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote malicious users to execute arbitrary code via a crafted string that triggers an eval operation.
Js-yaml Project Js-yaml
Js-yaml Project Js-yaml 0.2.2
Js-yaml Project Js-yaml 2.0.0
Js-yaml Project Js-yaml 1.0.1
Js-yaml Project Js-yaml 0.3.2
Js-yaml Project Js-yaml 0.3.3
Js-yaml Project Js-yaml 2.0.2
Js-yaml Project Js-yaml 0.2.0
Js-yaml Project Js-yaml 0.3.0
Js-yaml Project Js-yaml 2.0.1
Js-yaml Project Js-yaml 1.0.2
Js-yaml Project Js-yaml 1.0.0
Js-yaml Project Js-yaml 0.3.4
Js-yaml Project Js-yaml 0.3.5
Js-yaml Project Js-yaml 1.0.3
Js-yaml Project Js-yaml 0.2.1
Js-yaml Project Js-yaml 0.3.6
Js-yaml Project Js-yaml 2.0.3
Js-yaml Project Js-yaml 0.3.1
Js-yaml Project Js-yaml 0.3.7
1 EDB exploit
1 Github repository
NA
CVE-2013-0175
multi_xml gem 0.5.2 for Ruby, as used in Grape prior to 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Erik Michaels-ober Multi Xml 0.5.2
Grape Project Grape 0.2.4
Grape Project Grape 0.2.0
Grape Project Grape 0.1.5
Grape Project Grape 0.1.4
Grape Project Grape 0.2.2
Grape Project Grape 0.2.3
Grape Project Grape 0.2.5
Grape Project Grape 0.1.2
Grape Project Grape 0.1.3
Grape Project Grape 0.2.1
Grape Project Grape 0.1.1
Grape Project Grape 0.1.0
NA
CVE-2013-0285
The nori gem 2.0.x prior to 2.0.2, 1.1.x prior to 1.1.4, and 1.0.x prior to 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory a...
Nori Gem Project Nori Gem 2.0.0
Nori Gem Project Nori Gem 2.0.1
Nori Gem Project Nori Gem 1.1.2
Nori Gem Project Nori Gem 1.1.3
Nori Gem Project Nori Gem 1.1.0
Nori Gem Project Nori Gem 1.1.1
Nori Gem Project Nori Gem 1.0.2
Nori Gem Project Nori Gem 1.0.0
Nori Gem Project Nori Gem 1.0.1