Lucene search
K

156 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.8 views

CVE-2024-32874

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.7AI score0.00767EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 3:37 p.m.29 views

CVE-2024-32874

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.5AI score0.00767EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

Frigate Security Breach

Frigate is a complete local NVR designed for home assistants with AI object detection by Blake Blackshear Personal Developer. A security vulnerability exists in Frigate versions prior to 0.13.2 that stems from the possibility that when uploading a file or retrieving a filename, a user may...

6.8CVSS6.4AI score0.00767EPSS
Exploits0References3
OSV
OSV
added 2024/05/09 3:13 p.m.42 views

GHSA-W4H6-9WRP-V5JQ Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

9.3CVSS7AI score0.00767EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/05/09 3:13 p.m.54 views

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

6.8CVSS7.1AI score0.00767EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/05/09 2:20 p.m.39 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.9AI score0.00767EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/09 2:20 p.m.31 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.7AI score0.00767EPSS
Exploits0References2
CVE
CVE
added 2024/05/09 2:20 p.m.81 views

CVE-2024-32874

In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...

6.8CVSS6.6AI score0.00767EPSS
Exploits0References2
OSV
OSV
added 2024/05/09 2:20 p.m.23 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.4AI score0.00767EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.7 views

PT-2024-24930

Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.13.2 Description The issue arises from the lack of limitation on the length of filenames and the costly use of Unicode normalization with the form NFKD under the hood of the secure filename function. This can lead t...

6.8CVSS5.8AI score0.00767EPSS
Exploits0References16
NVD
NVD
added 2023/10/30 11:15 p.m.16 views

CVE-2023-45672

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

7.5CVSS8AI score0.01387EPSS
Exploits1References5
NVD
NVD
added 2023/10/30 11:15 p.m.35 views

CVE-2023-45670

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...

7.5CVSS7.4AI score0.00393EPSS
Exploits1References6
NVD
NVD
added 2023/10/30 11:15 p.m.45 views

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.6AI score0.01425EPSS
Exploits1References2
Prion
Prion
added 2023/10/30 11:15 p.m.22 views

Cross site request forgery (csrf)

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...

4CVSS6.5AI score0.00393EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2023/10/30 11:15 p.m.20 views

Deserialization of untrusted data

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

5.1CVSS7.9AI score0.01387EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/10/30 11:15 p.m.17 views

Cross site scripting

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4CVSS4.7AI score0.01425EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/10/30 10:49 p.m.20 views

CVE-2023-45672 Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

7.5CVSS8.2AI score0.01387EPSS
Exploits1References5
CVE
CVE
added 2023/10/30 10:49 p.m.56 views

CVE-2023-45672

Frigate (open source NVR) contains an unsafe deserialization vulnerability in the configuration save path. The issue arises from loading user input via http.py into load_config_with_no_duplicates using yaml.loader.Loader, which can instantiate custom constructors and execute a payload at frigate/...

7.5CVSS8AI score0.01387EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2023/10/30 10:41 p.m.69 views

CVE-2023-45671

Frigate is an open‑source network video recorder. Prior to version 0.13.0 Beta 3, a reflected cross‑site scripting (XSS) vulnerability exists in API endpoints that rely on the / base path; values in the URL are not sanitized, enabling arbitrary JavaScript execution when an authenticated user is t...

4.7CVSS5AI score0.01425EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/10/30 10:41 p.m.20 views

CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.7AI score0.01425EPSS
Exploits1References4
Rows per page
Query Builder