4314 matches found
CVE-2024-45813
CVE-2024-45813 affects the find-my-way HTTP router. A bad regular expression is generated when two parameters exist within a single segment, notably with a trailing dash (e.g., "/:a-:b-"). This can lead to a Denial of Service in some cases. Affected versions require upgrade to find-my-way v8.2.2 ...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
DEBIAN-CVE-2024-46752
In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON with error handling at update_ref_for_cow Instead of a BUG_ON just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't ha...
CVE-2024-46752
In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON with error handling at update_ref_for_cow Instead of a BUG_ON just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't ha...
DEBIAN-CVE-2024-46743
In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...
UBUNTU-CVE-2024-46767
In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix missing of_node_put for leds The call of of_get_child_by_name will cause refcount incremented for leds, if it succeeds, it should call of_node_put to decrease it, fix it...
CVE-2024-46752
CVE-2024-46752 - Mode C (detailed, verified): The vulnerability is in the Linux kernel’s btrfs code path; specifically, update_ref_for_cow() previously used BUG_ON() and now returns an error, logs an error, and aborts the transaction when an extent buffer in the relocation tree lacks the full bac...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser APIs like REXML::Document.new; other parser APIs such as stream parser API and SAX2...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser APIs like REXML::Document.new; other parser APIs such as stream parser API and SAX2...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser APIs like REXML::Document.new; other parser APIs such as stream parser API and SAX2...
i-doit cross-site scripting vulnerability
i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...
clk: Get runtime PM before walking tree during disable_unused
...
kernel: net: bridge: mst: fix vlan use-after-free
A use-after-free flaw was found in net/bridge/br_mst.c in the Linux kernel. This issue may lead to compromised Confidentiality and Integrity, and can crash...
CVE-2024-27003
...
SUSE CVE-2024-44963
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block, if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON. The error most likely to happen ...
AZL-49924 CVE-2024-44963 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block, if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON. The error most likely to happen ...
AZL-49953 CVE-2024-44963 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block, if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON. The error most likely to happen ...
DEBIAN-CVE-2024-44963
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block, if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON. The error most likely to happen ...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a space leak that could result from an error in the btrfs file system after releasing a tree block...