Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header
Summary: The "X-XSS-Protection" header is missing or insecure in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application. Vulnerability Details: CVEID: CVE-2021-20446 DESCRIPTION: IBM Maxi...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
Summary: The autocomplete HTML attribute is not disabled for the password field in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details: CVEID: CVE-2021-20445...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-Content-Type-Options" header
Summary: The "X-Content-Type-Options" header is missing or insecure in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to check for SRI (Subresource Integrity) support
Summary: The check for SRI (Subresource Integrity) support is missing in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible that the user agent cannot verify scripts from third-party services. In case of compromise of the third-party service, the...
Das U-Boot Security Vulnerability
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2, which stems from the loader...
Das U-Boot Security Vulnerability
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...
PT-2021-2011
Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security (affected versions not specified), Kaspersky Rescue Disk (affected versions not specified). Description: A component of the Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of...
CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
Input validation
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
UBUNTU-CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
Godot Input Validation Error Vulnerability
Godot is a cross-platform game engine. The engine supports the creation of 2D and 3D games through a unified interface. An input validation error vulnerability exists in Godot v3.2, which stems from a dynamic stack buffer overflow caused by the ImageLoaderTGA: loadimage line. Depending on the...
CVE-2021-23326
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
QEMU: loader: OOB access while loading registered ROM may lead to code execution
An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the romcopy routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially...
Fedora 32 : PyYAML (2021-eed7193502)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-eed7193502 advisory. - A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it process...
Command Injection in @graphql-tools/git-loader
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
GHSA-VHHW-XJVF-WPRR Command Injection in @graphql-tools/git-loader
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...
Security update for gdk-pixbuf (moderate)
openSUSE Security Update: Security update for gdk-pixbuf Announcement ID: openSUSE-SU-2021:0150-1 Rating: moderate References: 1174307 1180393 Cross-References: CVE-2020-29385 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available...
Command Injection
@graphql-tools/git-loader is vulnerable to command injection. The vulnerability exists due to the usage of exec and execSync, which allows the spawning of a shell...