3099 matches found
CVE-2023-30859 Spigot Command Exploit in Triton
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XL...
Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DO...
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "RustBucket communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley...
CVE-2023-23451
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number =2311xxxx all...
Default credentials
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number =2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number =2311xxxx all...
CVE-2023-23451
CVE-2023-23451 affects SICK Flexi Classic and Flexi Soft Gateways (e.g., UE410-EN1/EN3/EN3S04/EN4 and FX0-GENT00000/FX0-GMOD00000/FX0-GPNT00000, including V2 variants) where Telnet is enabled by factory default and no password is set in the default configuration. This creates potential unauthoriz...
CVE-2023-28960
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then...
[NetScaler] HA Full Sync may cause Heartbeats missing
In a NetScaler HA (High Availability) setup, you may observe the following issues: HA Full sync can cause both nodes to report the peer node DOWN due to missing heartbeats. A new command propagation can cause HA Full sync again, which also leads to node DOWN. The issue happens when all of the following trigger...
CVE-2023-29801
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function...
TOTOLINK X18 Command Injection Vulnerability
The TOTOLINK X18 is a mesh router system from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X18 version V9.1.0cu.2024B20220329, which stems from multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg...
CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
Certificate policy check not enabled
...
CVE-2022-43773
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled...
Nextcloud Security Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud server, which stems from a sharing conflict that can occur in recipients when caching is enabled. Affected...
PT-2023-13006 · Avanquest · Pdfescape Online +1
Name of the Vulnerable Software and Affected Versions: Avanquest Software RAD PDF PDFEscape Online version 3.19.2.2 Description: The PDFEscape Online tool has a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove...
CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
CVE-2023-25670 TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
CVE-2023-25674 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1...