CVE-2024-49332 – WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49332
17 Oct 2024 — Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection. This issue affects Giveaway Boost: from n/a through 2.1.4. The Giveaway Boost plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme instal... • https://patchstack.com/database/vulnerability/giveaway-boost/wordpress-giveaway-boost-plugin-2-1-4-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-6584 – Jetpack Boost <= 3.4.6 - Authenticated (Admin+) Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2024-6584
08 Jul 2024 — The Jetpack Boost – Website Speed, Performance and Critical CSS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.4.6 via the wp_ajax_boost_proxy_ig AJAX action. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-38301
https://notcve.org/view.php?id=CVE-2023-38301
22 Apr 2024 — An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ... • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-0252
https://notcve.org/view.php?id=CVE-2013-0252
12 Mar 2013 — boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 • CWE-20: Improper Input Validation •
CVE-2012-2677 – boost: ordered_malloc() overflow
https://notcve.org/view.php?id=CVE-2012-2677
25 Jul 2012 — Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. • http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited • CWE-189: Numeric Errors •
CVE-2008-0172 – boost regular expression NULL dereference flaw
https://notcve.org/view.php?id=CVE-2008-0172
17 Jan 2008 — The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. • http://bugs.gentoo.org/show_bug.cgi?id=205955 • CWE-20: Improper Input Validation • CWE-476: NULL Pointer Dereference •
CVE-2008-0171 – boost regular expression memory corruption flaws
https://notcve.org/view.php?id=CVE-2008-0171
17 Jan 2008 — regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. • http://bugs.gentoo.org/show_bug.cgi?id=205955 • CWE-20: Improper Input Validation •