4.2

CVSS3.1

CVE-2024-5891 - Quay: unauthorized user may authenticate via oauth application token

A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in…

📅 Published: June 11, 2024, midnight 🔄 Last Modified: Nov. 21, 2024, 9:48 a.m.

0.0

CVSS3.1

CVE-2024-35329 - libyaml: vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📅 Published: June 11, 2024, midnight 🔄 Last Modified: Aug. 28, 2024, 4:15 p.m.

2.7

CVSS3.1

CVE-2024-22261 - SQL Injection in Harbor scan log API

SQL injection in Harbor allows privileged users to leak the task IDs.

📅 Published: June 10, 2024, 11:25 p.m. 🔄 Last Modified: Nov. 21, 2024, 8:55 a.m.

4.3

CVSS3.1

CVE-2024-22244 - Harbor Open Redirect URL

Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.

📅 Published: June 10, 2024, 11:02 p.m. 🔄 Last Modified: Feb. 26, 2025, 8:23 p.m.

6.8

CVSS3.1

CVE-2022-37020 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

📅 Published: June 10, 2024, 10:13 p.m. 🔄 Last Modified: Feb. 13, 2026, 3:36 p.m.

6.8

CVSS3.1

CVE-2022-37019 - HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

📅 Published: June 10, 2024, 10:12 p.m. 🔄 Last Modified: Jan. 14, 2026, 4:40 p.m.

7.5

CVSS3.1

CVE-2024-36471 - Apache Allura: sensitive information exposure via DNS rebinding

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are…

📅 Published: June 10, 2024, 9:55 p.m. 🔄 Last Modified: July 15, 2025, 4:36 p.m.

5.3

CVSS3.1

CVE-2024-37169 - @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol `http` or `https`…

📅 Published: June 10, 2024, 9:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.9

CVSS3.1

CVE-2024-37166 - ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated d…

📅 Published: June 10, 2024, 9:29 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-5825 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: June 10, 2024, 9:25 p.m. 🔄 Last Modified: June 11, 2024, 10:15 a.m.