932 matches found
CVE-2021-3116
beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...
CVE-2020-9434
opensslx509checkipasc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses luapushboolean for certain non-boolean return values...
kernel: drm/amd/display: Increase array size of dummy_boolean
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummyboolean WHY dml2coresharedmodesupport and dmlcoremodesupport access the third element of dummyboolean, i.e. hwdebug5 = &s-dummyboolean2, when dummyboolean has size of 2. Any assignment...
CVE-2025-3767 SQL Injection in Centreon BAM boolean KPI listing
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon BAM Boolean KPi Listing modules allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM: from 24.10 before 24.10.1,...
PT-2025-7493 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based blind SQL Injection vulnerability exists in the EditEventAttendees functionality, allowing an attacker to execute arbitrary SQL queries. The EID parameter is directly concatenat...
USN-7216-1 tqdm vulnerability
It was discovered that tqdm did not properly sanitize non-boolean CLI Arguments. A local attacker could possibly use this issue to execute arbitrary code on the host. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-34062...
CVE-2024-50584
An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...
PT-2024-34340 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions affected versions not specified Description: An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the "/class/template io.php" file and supplying malicious GET parameters. The...
SUSE-SU-2024:4006-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: cobbler: - Security issues fixed: CVE-2024-47533: Prevent privilege escalation from none to admin bsc1231332 - Other bugs fixed: Increase start timeout for cobblerd unit bsc1219450 Provide syncsinglesystem for DHCP modules to improve performance bsc1219450...
ZoneMinder SQL注入漏洞
ZoneMinder is an open source video surveillance software system from ZoneMinder Open Source. The system supports IP, USB, and analog cameras, among others. A SQL injection vulnerability exists in ZoneMinder 1.37.64 and previous versions 1.37.X. The vulnerability stems from web/ajax/event.php bein...
PT-2024-7538
Name of the Vulnerable Software and Affected Versions ZoneMinder versions 1.37. through 1.37.64 Description The issue is related to a boolean-based SQL injection vulnerability in the web/ajax/event.php function of ZoneMinder. This vulnerability arises from a lack of input validation for the tagId...
SUSE CVE-2024-49971
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummyboolean WHY dml2coresharedmodesupport and dmlcoremodesupport access the third element of dummyboolean, i.e. hwdebug5 = &s-dummyboolean2, when dummyboolean has size of 2. Any assignment...
AZL-52122 CVE-2024-49971 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummyboolean WHY dml2coresharedmodesupport and dmlcoremodesupport access the third element of dummyboolean, i.e. hwdebug5 = &s-dummyboolean2, when dummyboolean has size of 2. Any assignment...
DEBIAN-CVE-2024-49971
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummyboolean WHY dml2coresharedmodesupport and dmlcoremodesupport access the third element of dummyboolean, i.e. hwdebug5 = &s-dummyboolean2, when dummyboolean has size of 2. Any assignment...
AZL-52053 CVE-2024-49971 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummyboolean WHY dml2coresharedmodesupport and dmlcoremodesupport access the third element of dummyboolean, i.e. hwdebug5 = &s-dummyboolean2, when dummyboolean has size of 2. Any assignment...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an out-of-bounds access to the dummyboolean array in the drm/amd/display subsystem, which could cause the...
MAL-2024-9524 Malicious code in boolean-point-in-polygon (npm)
--- -= Per source details. Do not edit below this line.=-...
U.S. Dept Of Defense: SQL Injection
The application was found to have a blind SQL injection vulnerability in the 'filterevent' parameter. The vulnerability allowed an attacker to manipulate database queries and extract sensitive information from the database through time-based or boolean-based techniques, as the injection was blind...
CVE-2024-6835
CVE-2024-6835 affects Ivory Search – WordPress Search Plugin, with information exposure in the ajax_load_posts path affecting all versions up to 5.5.6. Unauthenticated attackers could extract text from password-protected posts via a boolean-based attack on the AJAX search form. Public reviews/ent...
PT-2024-37894 · WordPress · The Ivory Search
Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form...