680 matches found
GHSA-WQQV-JCFR-9F5G PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Impact: DyeColorIdMap->fromId() did not account for the possibility that it might be given invalid input. This means that an undefined offset error would occur whenever this happened. This code is indirectly called during Banner->deserializeCompoundTag(), which is invoked when deserializing any item NBT...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +7677 more potentially affected by CVE-2022-41966 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.2)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =1.1.0 - be.ordina:microservices-dashboard-server =1.0.1 and more Source cves: CVE-2022-41966 Source...
CVE-2022-22226
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) conditio...
Memory corruption
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) conditio...
CVE-2022-22226
CVE-2022-22226 affects Juniper Junos OS on EX4300-MP, EX4600, and QFX5000 Series in VXLAN scenarios. The issue is an Uncontrolled Memory Allocation in the Packet Forwarding Engine (PFE) that can be triggered by specific crafted packets from an adjacent attacker, leading to PFE crashes and memory ...
CVE-2022-22226 Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash
In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) conditio...
Juniper Junos OS Vulnerability (JSA69876)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69876 advisory. - In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Jun...
DEBIAN-CVE-2022-38861
The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image of libmpcodecs/mp_image.c...
UBUNTU-CVE-2022-38861
The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image of libmpcodecs/mp_image.c...
MPlayer Buffer Error Vulnerability
MPlayer is an open source multimedia player from the MPlayer team. A security vulnerability exists in the MPlayer SVN-r38374-13.0.1 release, which stems from the free_mp_image function in libmpcodecs/mp_image.c being susceptible to memory corruption...
PT-2022-7419 · Mplayer +3 · Mplayer +3
Name of the Vulnerable Software and Affected Versions: MPlayer versions SVN-r38374-13.0.1 Description: The issue is related to memory corruption via the function free_mp_image of libmpcodecs/mp_image.c and also involves the mov_build_index function, which is associated with a buffer overflow. Thi...
PocketMine-MP invalid skin geometry JSON data leading to server crash
Impact: pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason (e.g. a syntax error). Patches...
GHSA-8CWQ-4CMF-PX73 PocketMine-MP invalid skin geometry JSON data leading to server crash
Impact: pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason (e.g. a syntax error). Patches...
PT-2022-28217 · Unknown · Adhocore/Json-Comment +1
Name of the Vulnerable Software and Affected Versions: PocketMine-MP affected versions not specified Description: The issue arises from the pocketmine\entity\Skin component not handling errors correctly when parsing skin geometry data. Specifically, it expects false to be returned in case of an...
CVE-2022-31538
The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
mp-m08-interface Path Traversal Vulnerability
mp-m08-interface is a repository by the individual developer João Pedro in Brazil. A security vulnerability exists in mp-m08-interface version 2020-12-10 and earlier, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to denial of service. The vulnerability exists in the netItemStackToCore function in TypeConverter.php due to a lack of validation in item ids which allows an attacker to cause an application crash...
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact: Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 (8ac16345a3bc099b62c1f5cfbf3b736e621c3f76), arbitrary item IDs are able to be written into an item's NBT. The intended purpose of this is to make said unmapped network items able to be moved around the inventory withou...