5580 matches found
Command Injection
Overview Affected versions of @graphql-tools/git-loader package are vulnerable to Command Injection. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. Recommendation Upgrade to fix version 6.2.6 or later References - Snyk Advisory - CVE -...
Arbitrary Code Execution
jinjava is vulnerable to arbitrary code execution. An attacker is able to gain access to arbitrary classes via objects that are passed to the Jinjava context through the application class loader...
CVE-2020-12668
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
Arbitrary file deletion
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
ALPINE-CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
Code injection
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
Design/Logic Flaw
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
UBUNTU-CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
UBUNTU-CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
CVE-2021-27138
CVE-2021-27138 affects the boot loader in Das U-Boot prior to 2021.04-rc2, where the FIT handling of unit addresses is flawed. Publicly documented in multiple ecosystem advisories, the issue can enable security risks with impact on confidentiality, integrity, and availability (CVSS 3.1 base 7.8)....
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
CVE-2021-27097
CVE-2021-27097 concerns the boot loader in Das U-Boot prior to 2021.04-rc2, which mishandles a modified FIT. Several third-party advisories (Debian DLA-4320-1, OpenVAS/Nessus reports) reference this CVE alongside CVE-2021-27138 and confirm that vulnerable U-Boot variants exist in multiple distrib...
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...