USN-5944-1: SnakeYAML vulnerabilities

Read Time:36 Second

It was discovered that SnakeYAML did not limit the maximal nested depth
for collections when parsing YAML data. If a user or automated system were
tricked into opening a specially crafted YAML file, an attacker could
possibly use this issue to cause applications using SnakeYAML to crash,
resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749,
CVE-2022-38750)

It was discovered that SnakeYAML did not limit the maximal data matched
with regular expressions when parsing YAML data. If a user or automated
system were tricked into opening a specially crafted YAML file, an
attacker could possibly use this issue to cause applications using
SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751)

Threat Actors Shift to JavaScript-Based Phishing Attacks

Cybersecurity Incident Affects Arkansas City Water Treatment Facility

Warnings after new Valencia ransomware group strikes businesses and leaks data

New Octo2 Malware Variant Threatens Mobile Banking Security

The AI Fix #17: Why AI is an AWFUL writer and LinkedIn’s outrageous land grab

14 Million Patients Impacted by US Healthcare Data Breaches in 2024

#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations

Citing security fears, Ukraine bans Telegram on government and military devices

Israel’s Pager Attacks and Supply Chain Vulnerabilities

USN-5944-1: SnakeYAML vulnerabilities

php-8.3.12-1.fc40

php-8.3.12-1.fc41

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

USN-7033-1: Intel Microcode vulnerabilities

GLSA 202409-25: Xpdf: Multiple Vulnerabilities

xen-4.17.5-2.fc39