6 matches found
Improper Resource Locking
Overview pterodactyl/panel is a game management panel. Affected versions of this package are vulnerable to Improper Resource Locking because validation occurs early in the request cycle without locking the target resource while the request is being processed. An attacker can exhaust system resources and...
EUVD-2024-54889
Malicious code in bioql PyPI...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the WebSocket endpoint /api/v2/ws/logs, which is not protected by the authentication middleware even when authentication is enabled. An attacker can access real-time application logs, including internal file...
PT-2022-25647 · Pilz · Pasvisu Server
Name of the Vulnerable Software and Affected Versions: Pilz PASvisu Server versions prior to 1.12.0 Description: A path traversal vulnerability was discovered, allowing an unauthenticated remote attacker to use a zipped, malicious configuration file to trigger arbitrary file writes, also known as...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
GHSA-395W-QHQR-9FR6 Path Traversal in Apache Flink
A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...
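The Pilz entry (file names taken from a zipped configuration and written to disk) and the Flink entry (a file name taken from a REST request and read from the JobManager's filesystem) are both path traversal. The guard below is an added example of the check such code needs; it is not code from Pilz, Apache Flink, or any advisory listed here, and the base directories, file names, percent-encoded inputs and archive entries are constructed for the example.

```python
"""Generic guard against path traversal in caller-supplied file names.

Added example; not code from any project or advisory on this page.
All base directories, file names and zip entries below are constructed.
"""
import io
import os
import posixpath
import zipfile
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when a caller-supplied path would escape the base directory."""


def fully_unquote(s: str, limit: int = 5) -> str:
    """Percent-decode until stable so a double-encoded '..%252f' is seen as '../'."""
    for _ in range(limit + 1):
        decoded = unquote(s)
        if decoded == s:
            return s
        s = decoded
    raise PathTraversal("percent-encoded more than %d times: %r" % (limit, s))


def safe_join(base_dir: str, untrusted: str) -> str:
    """Resolve untrusted (a URL path segment or an archive entry name) under
    base_dir and return the absolute target, or raise PathTraversal."""
    if "\x00" in untrusted:
        raise PathTraversal("NUL byte in path: %r" % untrusted)
    decoded = fully_unquote(untrusted).replace("\\", "/")
    # Only relative names are acceptable; a leading slash or drive letter
    # would let the caller choose an arbitrary location.
    if decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        raise PathTraversal("absolute path rejected: %r" % untrusted)
    normalized = posixpath.normpath(decoded)
    if normalized == ".." or normalized.startswith("../"):
        raise PathTraversal("escapes base directory: %r" % untrusted)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, normalized))
    # realpath follows symlinks, so a link inside base that points outside
    # is caught here rather than by the string checks above.
    if target != base and not target.startswith(base + os.sep):
        raise PathTraversal("resolved outside base: %r" % untrusted)
    return target


def is_safe(base_dir: str, untrusted: str) -> bool:
    """Boolean form of safe_join for callers that only need accept/reject."""
    try:
        safe_join(base_dir, untrusted)
        return True
    except PathTraversal:
        return False


def plan_extraction(zip_bytes: bytes, dest_dir: str):
    """Map each archive entry to its resolved target under dest_dir and
    collect the entries that would escape it, without writing anything."""
    accepted, rejected = {}, {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            try:
                accepted[name] = safe_join(dest_dir, name)
            except PathTraversal as exc:
                rejected[name] = str(exc)
    return accepted, rejected


def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/app.cfg", "benign")
        zf.writestr("../../etc/cron.d/evil", "escape via dot-dot")
        zf.writestr("/etc/passwd", "escape via absolute name")
    return buf.getvalue()


if __name__ == "__main__":
    base = "/nonexistent-base/logs"
    print(safe_join(base, "jobmanager.log"))
    for bad in ("..%2f..%2fetc%2fpasswd", "..%252f..%252fetc%252fpasswd"):
        print(bad, "->", "rejected" if not is_safe(base, bad) else "ACCEPTED")
    print(plan_extraction(build_sample_zip(), "/nonexistent-base/config"))
```

The string checks alone are not sufficient: decoding must run to a fixed point before `..` is looked for, and the final `realpath` comparison is what catches a symlink planted inside the base directory. For archive extraction, resolve every entry before writing any of them so a single hostile entry rejects the whole upload rather than leaving a partially written tree.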