6.5
CVE-2024-31992 - Mealie contains a DoS vulnerability in recipe importer
Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it…
4.1
CVE-2024-31991 - Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225)
Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,…
8.8
CVE-2024-4017 - Privilege Escalation in U-Series Appliance
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3.
8.8
CVE-2024-4018 - Privilege Escalation in U-Series Appliance
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3.
5.3
CVE-2024-1681 - Log Injection Vulnerability in corydolphin/flask-cors
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, po…
2.7
CVE-2024-31450 - Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277)
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The para…
7.5
CVE-2024-32652 - @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty s…
4.4
CVE-2024-3979 - COVESA vsomeip race condition
A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. …
0.0
CVE-2024-4012 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-2440 - Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 a…