Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-14
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.
Max CVSS
8.7
EPSS Score
0.07%
Published
2024-01-31
Updated
2024-02-09
Remote Desktop Client Remote Code Execution Vulnerability
Max CVSS
7.5
EPSS Score
0.34%
Published
2024-01-09
Updated
2024-01-12
Windows Hyper-V Remote Code Execution Vulnerability
Max CVSS
7.5
EPSS Score
0.11%
Published
2024-01-09
Updated
2024-01-12
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
Max CVSS
7.5
EPSS Score
0.09%
Published
2024-02-05
Updated
2024-02-09
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
Max CVSS
7.5
EPSS Score
0.13%
Published
2024-01-22
Updated
2024-01-30
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.
Max CVSS
7.5
EPSS Score
0.51%
Published
2023-12-14
Updated
2023-12-29
ZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the amount of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.
Max CVSS
7.3
EPSS Score
0.05%
Published
2023-11-08
Updated
2023-11-16
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a "cross-linked block" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-11-14
Updated
2023-11-22
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.
Max CVSS
7.0
EPSS Score
0.05%
Published
2024-01-10
Updated
2024-01-17
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
Max CVSS
8.1
EPSS Score
0.14%
Published
2023-09-09
Updated
2024-01-09
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
Max CVSS
7.0
EPSS Score
0.04%
Published
2023-11-03
Updated
2023-11-09
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
8.1
EPSS Score
0.09%
Published
2023-12-04
Updated
2024-02-02
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
Max CVSS
7.0
EPSS Score
0.06%
Published
2023-09-06
Updated
2023-09-12
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Max CVSS
8.1
EPSS Score
0.46%
Published
2023-10-10
Updated
2023-10-12
Windows Graphics Component Elevation of Privilege Vulnerability
Max CVSS
7.0
EPSS Score
0.04%
Published
2023-10-10
Updated
2023-10-12
Windows Runtime Remote Code Execution Vulnerability
Max CVSS
7.0
EPSS Score
0.11%
Published
2023-10-10
Updated
2023-10-12
726 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!