4 results (0.001 seconds)

CVSS: 5.5EPSS: %CPEs: 1EXPL: 0

CVE-2024-6584 – Jetpack Boost <= 3.4.6 - Authenticated (Admin+) Server-Side Request Forgery

https://notcve.org/view.php?id=CVE-2024-6584

The Jetpack Boost – Website Speed, Performance and Critical CSS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.4.6 via the wp_ajax_boost_proxy_ig AJAX action. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2013-0252

https://notcve.org/view.php?id=CVE-2013-0252

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. boost :: locale :: utf :: utf_traits en la biblioteca Boost Boost.Locale en Boost v1.48 hasta v1.52 no detecta correctamente ciertas secuencias UTF-8 inválidaso, lo que podría permitir a atacantes remotos eludir el mecanismo de protección mediante la manipulación de determinados bytes. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html http://www.boost.org/users/news/boost_locale_security_notice.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:065 http://www.openwall.com/lists/oss-security/2013/02/04/2 http://www.securityfocus • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 2

CVE-2008-0171 – boost regular expression memory corruption flaws

https://notcve.org/view.php?id=CVE-2008-0171

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. regex/v4/perl_matcher_non_recursive.hpp en la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (fallo de aserción y caída) mediante una expresión regular inválida. • http://bugs.gentoo.org/show_bug.cgi?id=205955 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28511 http://secunia.com/advisories/28527 http://secunia.com/advisories/28545 http://secunia.com/advisories/28705 http://secunia.com/advisories/28860 http://secunia.com/advisories/28943 http://secunia.com/advisories/29323 http://secunia.com/advisories/48099 http://svn.boost.org/trac/boost/changeset/42674 http://svn.boost • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 2%CPEs: 6EXPL: 0

CVE-2008-0172 – boost regular expression NULL dereference flaw

https://notcve.org/view.php?id=CVE-2008-0172

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. La función get_repeat_type en basic_regex_creator.hpp de la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (referencia nula y caída) mediante una expresión regular inválida. • http://bugs.gentoo.org/show_bug.cgi?id=205955 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28511 http://secunia.com/advisories/28527 http://secunia.com/advisories/28545 http://secunia.com/advisories/28705 http://secunia.com/advisories/28860 http://secunia.com/advisories/28943 http://secunia.com/advisories/29323 http://secunia.com/advisories/48099 http://svn.boost.org/trac/boost/changeset/42674 http://svn.boost • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •