Lucene search
+L

31 matches found

UbuntuCve
UbuntuCve
added 2023/08/14 9:15 p.m.29 views

CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS6.1AI score0.00388EPSS
Exploits0References8
OSV
OSV
added 2023/08/14 9:15 p.m.3 views

UBUNTU-CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS5.9AI score0.00388EPSS
Exploits0References9
Cvelist
Cvelist
added 2023/08/14 8:17 p.m.32 views

CVE-2023-39950 Insufficient input validation in efibootguard

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS6.4AI score0.00388EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.8 views

ToUI 安全漏洞

ToUI is a Python package for creating user interfaces websites and desktop applications from HTML. A security vulnerability exists in ToUI versions 2.0.1 through 2.4.0 that stems from the use of the website.uservars attribute...

9.1CVSS7.6AI score0.00651EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.5 views

SUSE CVE-2010-3834

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable...

4CVSS6.5AI score0.0221EPSS
Exploits0References3
CNVD
CNVD
added 2022/11/30 12:0 a.m.41 views

WordPress Checkout Field Editor for WooCommerce plugin deserialization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WooCommerce WordPress plugin Checkout Field Editor Checkout Manager version 1.8.0 or earlier is...

7.2CVSS1.4AI score0.01141EPSS
Exploits2References1
OSV
OSV
added 2021/08/31 4:15 p.m.6 views

CVE-2021-35223

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution...

8.8CVSS7.5AI score0.02939EPSS
Exploits0References3
rdot
rdot
added 2011/01/27 12:0 a.m.17 views

Ускоритель MySQL-inj

Если данный способ уже где-то описан - прошу кинуть ссылочки. Метод был существенно доработан - читай мой пост ниже! Хочу рассказать вам о новой может я что-то пропустил? технике вывода данных при MySQL injection. Дело в том, что очень неудобно когда при наличии уязвимости в результате мы можем...

0.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/11/03 8:18 p.m.12 views

MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

4CVSS5.8AI score0.03391EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2005/04/18 12:0 a.m.31 views

coppermine -- IP spoofing and XSS vulnerability

GHC team reports about coppermine The lack of sanitizing of user defined variables may result in undesirable consequences such as IP spoofing or XSS attack. Generally users of Coppermine Gallery can post comments. Remote address & x-forwarded-for variables are logged for admin's eyes...

4.3CVSS5.9AI score0.01177EPSS
Exploits0References2
securityvulns
securityvulns
added 2002/01/31 12:0 a.m.49 views

Переполнение буфера в sastcpd (buffer overflow)

переполнение буфера, ошибка форматной строки, использование переменных пользователя для запуска внешних приложений...

2.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder