GHSA-F9JP-856V-8642 PocketMine-MP: Player entities can still die and drop items in flaggedForDespawn state

Summary When an entity dies, the entity is flagged for despawn, but remains in the World's entity table, meaning it's still accessible by doing World-getEntity$entityId and other methods. The same is true of a player when quitting the server. When a network packet arrives from a client to attack ...

ALPINE-CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2026-2436

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soupserverdisconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that stems from the premature release of connection objects in the soupserverdisconnect function. This can lead to reuse of released objects, potentially causing server crashes and denial-of-service...

EUVD-2004-2589

Malware in sbrugna...

EUVD-2020-3436

Malware in sbrugna...

EUVD-2018-18797

Malware in sbrugna...

openvpn -- two security fixes

Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows: CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...

CVE-2023-5393

Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and...

gRPC 安全漏洞

gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from a base64 encoding error in the -bin suffix header that causes the gRPC server to disconnect...

ALPINE-CVE-2021-29376

ircII before 20210314 allows remote attackers to cause a denial of service segmentation fault and client crash, disconnecting the victim from an IRC server via a crafted CTCP UTC message...

DEBIAN-CVE-2010-3438

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...

Command injection

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...

mysql: prepared statement handle use-after-free after disconnect

A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...

Updated irssi packages fix security vulnerability

Null pointer dereference when an "empty" nick has been observed by Irssi CVE-2018-7050. Certain nick names could result in out of bounds access when printing theme strings CVE-2018-7051. When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference...

ALPINE-CVE-2018-7054

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191...

CVE-2018-7054

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191...

mysql: prepared statement handle use-after-free after disconnect

A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...

mysql: prepared statement handle use-after-free after disconnect

A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...

mysql: prepared statement handle use-after-free after disconnect

A flaw was found in the way MySQL client library libmysqlclient handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient...