pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Impact: A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...
CVE-2022-36450
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...
Obsidian input validation error vulnerability
Obsidian is a knowledge base for native Markdown files from the Obsidian community. A security vulnerability exists in Obsidian that stems from its use of open without checking URLs, which allows an attacker to cause remote code execution in Obsidian via a specific URL. The following version...
CVE-2020-36430
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decodechars called from decodefont and processtext because the wrong integer data type is used for subtraction...
CVE-2018-17144
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash...