347 matches found
GLSA-202312-02 : Minecraft Server: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-02 Minecraft Server: Remote Code Execution - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingNa...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell CVE-2021-44228 minecraft demo This demo is used at...
Malicious Package
Overview MinecraftPocket.Server is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's...
CVE-2023-38689
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
Remote code execution
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689
Summary (CVE-2023-38689): Logistics Pipes (Minecraft Java Edition mod) suffers a deserialization vulnerability due to Java’s ObjectInputStream#readObject on untrusted data over the network, enabling potential remote code execution. Affected versions are 0.7.0.91 to 0.10.0.71; fix applied in 0.10....
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
PT-2023-26553 · Mojang · Minecraft
Name of the Vulnerable Software and Affected Versions: Logistics Pipes versions 0.7.0.91 through 0.10.0.71 Description: The issue is related to the use of Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network, resulting in possible remote code...
Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability
Minecraft players interested in modding are potentially at risk of compromise. A Remote Code Execution RCE vulnerability in certain Minecraft mods allows for malicious commands on both servers and clients. The vulnerability, named BleedingPipe, allows attackers to take over a targeted server...
CVE-2023-37262
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37261
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...
Design/Logic Flaw
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...
Default credentials
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37262 CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37262 CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37262
CC: Tweaked (Minecraft mod) contains an SSRF vulnerability where, before fixes, metadata service endpoints on cloud providers (AWS, GCP, Azure) were not blocked by default when the plugin runs on affected servers. This allowed any player to access sensitive information from cloud metadata service...
CVE-2023-37262 CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting...
CVE-2023-37261 OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is...