
6 matches found

Github Security Blog
added 2023/11/15 6:42 p.m., 22 views

pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory

Impact: A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...

AI score: 7
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2022/07/25 6:15 a.m., 14 views

CVE-2022-36450

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...

CVSS: 8, AI score: 10, EPSS: 0.02522
Exploits: 1, References: 2
CNNVD
added 2022/07/25 12:0 a.m., 3 views

Obsidian Input Validation Error Vulnerability

Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in Obsidian that stems from its open use without checking URLs leading to an attacker being able to cause remote execution of obsidian code via a specific URL. The following version...

CVSS: 9.8, AI score: 8.6, EPSS: 0.02522
Exploits: 1, References: 3
ArchLinux
added 2018/09/22 12:0 a.m., 24 views

[ASA-201809-2] bitcoin-qt: denial of service

Arch Linux Security Advisory ASA-201809-2
=========================================

Severity: Medium
Date    : 2018-09-22
CVE-ID  : CVE-2018-17144
Package : bitcoin-qt
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-766

Summary
=======

The package bitcoin-qt before...

CVSS: 7.5, AI score: 1.9, EPSS: 0.51467
Exploits: 1, References: 3
Cvelist
added 2018/09/19 8:0 a.m., 21 views

CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service application crash exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash...

AI score: 7.4, EPSS: 0.51467
Exploits: 1, References: 5
Prion
added 2013/12/07 8:55 p.m., 8 views

Code injection

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment...

CVSS: 6.8, AI score: 8, EPSS: 0.004
Exploits: 1, References: 7, Affected Software: 1