4314 matches found

OSV
added 2024/10/08 5:57 p.m. · 4 views

CVE-2024-47780 Information Disclosure in TYPO3 Page Tree

TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected...

3.1 CVSS · 6.6 AI score · 0.00294 EPSS
Exploits 0 · References 4
OSV
added 2024/10/08 2:37 p.m. · 8 views

GHSA-RF5M-H8Q9-9W6Q Information Disclosure in TYPO3 Page Tree

Problem: Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution: Upda...

3.1 CVSS · 3.8 AI score · 0.00294 EPSS
Exploits 0 · References 7
Github Security Blog
added 2024/10/08 2:37 p.m. · 9 views

Information Disclosure in TYPO3 Page Tree

Problem: Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution: Upda...

4.3 CVSS · 7.1 AI score · 0.00294 EPSS
Exploits 0 · References 7 · Affected Software 1
RedHat Linux
added 2024/10/02 1:00 a.m. · 5 views

kernel: net: bridge: mst: fix vlan use-after-free

A use-after-free flaw was found in net/bridge/br_mst.c in the Linux kernel. This issue may lead to compromised Confidentiality and Integrity, and can crash...

7.8 CVSS · 6.8 AI score · 0.00257 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2024/09/30 12:00 a.m. · 3 views

The vulnerability of the f2fs component of the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability of the f2fs component of the Linux operating system’s kernel is related to a panic state if extendtree is not created. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 5.9 AI score · 0.0024 EPSS
Exploits 0 · References 20 · Affected Software 3
SUSE CVE
added 2024/09/28 2:51 a.m. · 1 views

SUSE CVE-2024-46840

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we...

5.5 CVSS · 6.3 AI score · 0.00261 EPSS
Exploits 0 · References 18
RedhatCVE
added 2024/09/27 3:14 p.m. · 27 views

CVE-2024-46840

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we...

5.5 CVSS · 6.8 AI score · 0.00261 EPSS
Exploits 0 · References 4
Cvelist
added 2024/09/27 12:39 p.m. · 19 views

CVE-2024-46840 btrfs: clean up our handling of refs == 0 in snapshot delete

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we...

0.00261 EPSS
Exploits 0 · References 8
Vulnrichment
added 2024/09/27 12:39 p.m. · 18 views

CVE-2024-46840 btrfs: clean up our handling of refs == 0 in snapshot delete

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we...

6.8 AI score · 0.00261 EPSS
Exploits 0 · References 8
RedHat Linux
added 2024/09/24 2:39 a.m. · 2 views

kernel: lib/generic-radix-tree.c: Don't overflow in peek()

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the rad...

5.5 CVSS · 6.9 AI score · 0.00241 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:40 a.m. · 6 views

kernel: lib/generic-radix-tree.c: Don't overflow in peek()

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the rad...

5.5 CVSS · 6.9 AI score · 0.00241 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/09/24 12:40 a.m. · 1 views

kernel: firmware: arm_scpi: Fix string overflow in SCPI genpd driver

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name...

7.8 CVSS · 7 AI score · 0.0026 EPSS
Exploits 0 · References 5
Gentoo Linux
added 2024/09/22 12:00 a.m. · 13 views

Portage: Unverified PGP Signatures

Background: Portage is the default Gentoo package management system. Description: Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Impact: When using the webrsync mechanism to sync the tree the PGP signatures that protect the...

9.8 CVSS · 7.3 AI score · 0.00464 EPSS
Exploits 0
CNNVD
added 2024/09/20 12:00 a.m. · 3 views

eNMS security vulnerability

eNMS is an open source network automation platform from eNMS. A security vulnerability exists in eNMS version 4.0.0, which stems from vulnerability to directory traversal attacks via get_tree_files...

7.5 CVSS · 6.8 AI score · 0.00867 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/09/20 12:00 a.m. · 5 views

PT-2024-32090 · Enms · Enms

Name of the Vulnerable Software and Affected Versions: eNMS version 4.0.0 Description: The issue is related to a Directory Traversal vulnerability via the get tree files parameter. This allows unauthorized access to files on the system. No information is provided about the estimated number of...

7.5 CVSS · 7 AI score · 0.00867 EPSS
Exploits 1 · References 9
SUSE CVE
added 2024/09/19 3:10 a.m. · 2 views

SUSE CVE-2024-46752

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't ha...

5.5 CVSS · 6.7 AI score · 0.00245 EPSS
Exploits 0 · References 15
SUSE CVE
added 2024/09/19 3:10 a.m. · 3 views

SUSE CVE-2024-46767

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix missing of_node_put() for leds The call of of_get_child_by_name() will cause refcount incremented for leds, if it succeeds, it should call of_node_put() to decrease it, fix it...

5.5 CVSS · 7.2 AI score · 0.00233 EPSS
Exploits 0 · References 11
RedHat Linux
added 2024/09/18 9:15 p.m. · 6 views

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

5.9 CVSS · 5.7 AI score · 0.01205 EPSS
Exploits 0 · References 6
RedHat Linux
added 2024/09/18 9:15 p.m. · 5 views

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

5.9 CVSS · 5.7 AI score · 0.01205 EPSS
Exploits 0 · References 6
NVD
added 2024/09/18 5:15 p.m. · 31 views

CVE-2024-45813

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3 CVSS · 0.00647 EPSS
Exploits 0 · References 3