CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2021/02/17 10:36 p.m.•124 views

CVE-2021-27097

CVE-2021-27097 concerns the boot loader in Das U-Boot prior to 2021.04-rc2, which mishandles a modified FIT. Several third-party advisories (Debian DLA-4320-1, OpenVAS/Nessus reports) reference this CVE alongside CVE-2021-27138 and confirm that vulnerable U-Boot variants exist in multiple distrib...

7.8CVSS7.3AI score0.01037EPSS

Exploits0References4Affected Software1

Debian CVE•added 2021/02/17 10:36 p.m.•24 views

CVE-2021-27097

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...

7.8CVSS7.7AI score0.01037EPSS

AlpineLinux•added 2021/02/17 10:36 p.m.•27 views

CVE-2021-27097

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...

7.8CVSS7.5AI score0.01037EPSS

IBM Security Bulletins•added 2021/02/17 5:58 p.m.•22 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header

Summary There is missing or insecure "X-XSS-Protection" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application. Vulnerability Details CVEID: CVE-2021-20446 DESCRIPTION: IBM Maxi...

5.4CVSS1.1AI score0.00502EPSS

IBM Security Bulletins•added 2021/02/17 5:57 p.m.•18 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field

Summary There is autocomplete HTML attribute not disabled for password field in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details CVEID: CVE-2021-20445...

6.5CVSS1.2AI score0.01139EPSS

IBM Security Bulletins•added 2021/02/17 5:45 p.m.•13 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-Content-Type-Options" header

Summary There is missing or insecure "X-Content-Type-Options" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive...

6.1CVSS0.9AI score0.00661EPSS

IBM Security Bulletins•added 2021/02/17 5:43 p.m.•17 views

Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to check for SRI (Subresource Integrity) support

Summary There is missing check for SRI Subresource Integrity support in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible the user-agent can't verify scripts from third-party services. In case of compromise of the third-party service, the...

8.8CVSS1.3AI score0.00826EPSS

Positive Technologies•added 2021/02/17 12:0 a.m.•5 views

PT-2021-2011

Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security affected versions not specified Kaspersky Rescue Disk affected versions not specified Description: A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of...

6.8CVSS5.8AI score0.00231EPSS

Exploits0References7

CNNVD•added 2021/02/17 12:0 a.m.•5 views

Das U-Boot 安全漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...

7.8CVSS7.1AI score0.01095EPSS

CNNVD•added 2021/02/17 12:0 a.m.•4 views

Das U-Boot 安全漏洞

7.8CVSS7.1AI score0.01037EPSS

NVD•added 2021/02/09 9:15 p.m.•24 views

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

10CVSS0.05984EPSS

Exploits0References5

OSV•added 2021/02/09 9:15 p.m.•42 views

CVE-2020-14343

9.8CVSS5AI score

Exploits0References5

Prion•added 2021/02/09 9:15 p.m.•28 views

Input validation

10CVSS9.6AI score0.05984EPSS

Exploits1References5Affected Software2

OSV•added 2021/02/09 9:15 p.m.•1 views

UBUNTU-CVE-2020-14343

9.8CVSS7.5AI score0.05984EPSS

AlpineLinux•added 2021/02/09 12:0 a.m.•41 views

CVE-2020-14343

10CVSS8.4AI score0.05984EPSS

CNNVD•added 2021/02/08 12:0 a.m.•5 views

Godot Input Validation Error Vulnerability

Godot is a cross-platform game engine. The engine supports the creation of 2D and 3D games through a unified interface. An input validation error vulnerability exists in Godot v3.2, which stems from a dynamic stack buffer overflow caused by the ImageLoaderTGA: loadimage line. Depending on the...

7.8CVSS6.3AI score0.01505EPSS

Exploits0References3

RedhatCVE•added 2021/02/04 4:22 p.m.•17 views

CVE-2021-23326

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

8.8CVSS4.3AI score0.02814EPSS

Exploits0References3

RedHat Linux•added 2021/02/02 12:6 p.m.•1 views

QEMU: loader: OOB access while loading registered ROM may lead to code execution

An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the romcopy routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially...

6.8CVSS7.5AI score0.02409EPSS