Lucene search
K

34 matches found

Prion
Prion
added 2020/02/06 3:15 p.m.13 views

Buffer overflow

Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name...

4.6CVSS7.5AI score0.00405EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/06 2:3 p.m.17 views

CVE-2014-8271

Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name...

6.8AI score0.00405EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/11/27 4:54 p.m.37 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.9AI score0.04526EPSS
Exploits0
NVD
NVD
added 2019/08/22 5:15 p.m.32 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

7.2CVSS6.9AI score0.0151EPSS
Exploits0References2
OSV
OSV
added 2019/08/22 5:15 p.m.16 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

7.2CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2019/08/22 5:15 p.m.21 views

Design/Logic Flaw

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

6.4CVSS6.8AI score0.0151EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/22 4:12 p.m.37 views

CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

7AI score0.0151EPSS
Exploits0References2
OSV
OSV
added 2019/02/23 12:29 p.m.3 views

DEBIAN-CVE-2019-9026

An issue was discovered in libmatio.a in matio aka MAT File I/O Library 1.5.13. There is a heap-based buffer overflow in the function InflateVarName in inflate.c when called from ReadNextCell in mat5.c...

7.5CVSS7.8AI score0.01787EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2016/08/12 12:0 a.m.49 views

RHEL 6 : php (RHSA-2016:1609) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1CVSS6.8AI score0.50427EPSS
Exploits0References3
Amazon
Amazon
added 2016/08/01 12:0 a.m.73 views

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

9.8CVSS9.2AI score0.50427EPSS
Exploits11
UbuntuCve
UbuntuCve
added 2016/07/25 12:0 a.m.31 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTPPROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1CVSS6.8AI score0.04526EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2015/10/27 12:0 a.m.2 views

OpenEMR globals.php Authentication Bypass (CVE-2015-4453)

An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...

5CVSS2.7AI score0.02874EPSS
Exploits1
Prion
Prion
added 2010/08/20 8:0 p.m.17 views

Default configuration

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PSUNDEFMARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name...

5CVSS7AI score0.0219EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2009/09/28 10:0 p.m.16 views

CVE-2009-3435

Cross-site scripting XSS vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name...

5.7AI score0.01065EPSS
Exploits0References5
Rows per page
Query Builder