
7037 matches found

Vulnrichment
added 2024/04/09 5:35 p.m. | 12 views

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

CVSS 5.5 | AI score 6.7 | EPSS 0.00198
Exploits: 0 | References: 2
OSV
added 2024/04/09 5:35 p.m. | 11 views

CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service

RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...

CVSS 5.5 | AI score 6.8 | EPSS 0.00198
Exploits: 0 | References: 4
Mageia
added 2024/04/05 6:24 p.m. | 70 views

Updated nodejs packages fix security vulnerabilities

Node.js 20.12.1 release fixes 2 CVEs: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::Http2Session leads to HTTP/2 server crash (High); CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation (Medium)...

CVSS 8.2 | AI score 7.7 | EPSS 0.87211
Exploits: 1 | References: 2
OpenVAS
added 2024/04/04 12:00 a.m. | 18 views

Node.js Multiple Vulnerabilities (Apr 2024) - Mac OS X

Node.js is prone to multiple vulnerabilities...

CVSS 8.2 | AI score 6.8 | EPSS 0.87211
Exploits: 1 | References: 7
RedhatCVE
added 2024/04/03 11:45 p.m. | 25 views

CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read. [BUG] There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

CVSS 5.5 | AI score 6.7 | EPSS 0.00228
Exploits: 0 | References: 4
OSV
added 2024/04/03 3:15 p.m. | 2 views

DEBIAN-CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read. [BUG] There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

CVSS 5.5 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 1
NVD
added 2024/04/03 3:15 p.m. | 14 views

CVE-2024-26726

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error. While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in...

CVSS 5.5 | AI score 7.8 | EPSS 0.00256
Exploits: 0 | References: 5
OSV
added 2024/04/03 3:15 p.m. | 2 views

UBUNTU-CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read. [BUG] There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

CVSS 5.5 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 9
CVE
added 2024/04/03 2:55 p.m. | 108 views

CVE-2024-26727

CVE-2024-26727 (Linux kernel, btrfs subvolume creation) Concrete details are present in connected Astra/Linux advisory. The issue arises when creating a new subvolume under btrfs: after inserting the root item, a backref/read could access the subvolume before a preallocated anonymous device (anon...

CVSS 5.5 | AI score 6.1 | EPSS 0.00228
Exploits: 0 | References: 7 | Affected Software: 1
CVE
added 2024/04/03 2:55 p.m. | 125 views

CVE-2024-26726

CVE-2024-26726 : In the Linux kernel, a Btrfs bug could panic when writing the free-space inode because the extent map was dropped on a write error and then looked up again, yielding EXTENT_MAP_HOLE on a second pass. The fix removes dropping the extent_map range for the failed free-space cache wr...

CVSS 5.5 | AI score 6.8 | EPSS 0.00256
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2024/04/03 2:55 p.m. | 13 views

CVE-2024-26726 btrfs: don't drop extent_map for free space inode on write error

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error. While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in...

AI score 7 | EPSS 0.00256
Exploits: 0 | References: 5
RedHat Linux
added 2024/04/02 8:57 p.m. | 5 views

bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution

A flaw was found in the bind package. This issue may allow an attacker to query in a DNS64 enabled resolver node with a domain name triggering a server-stale data, triggering a code assertion, and resulting in a crash of named processes. This can allow a remote unauthenticated user to cause a...

CVSS 7.5 | AI score 5.8 | EPSS 0.01231
Exploits: 0 | References: 5
RedHat Linux
added 2024/04/02 8:56 p.m. | 53 views

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS 7.5 | AI score 7 | EPSS 0.99995
Exploits: 1 | References: 7
RedHat Linux
added 2024/04/02 8:56 p.m. | 4 views

bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution

A flaw was found in the bind package. This issue may allow an attacker to query in a DNS64 enabled resolver node with a domain name triggering a server-stale data, triggering a code assertion, and resulting in a crash of named processes. This can allow a remote unauthenticated user to cause a...

CVSS 7.5 | AI score 5.8 | EPSS 0.01231
Exploits: 0 | References: 5
Tenable Nessus
added 2024/04/02 12:00 a.m. | 45 views

RHEL 8 : bind9.16 (RHSA-2024:1648)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1648 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...

CVSS 7.5 | AI score 7 | EPSS 0.99995
Exploits: 1 | References: 14
Tenable Nessus
added 2024/03/28 12:00 a.m. | 26 views

SUSE SLED12: avahi / avahi-compat-howl-devel / avahi-compat-mDNSResponder-devel / etc (SUSE-SU-2024:1008-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1008-1 advisory. - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable...

CVSS 6.2 | AI score 6.7 | EPSS 0.00314
Exploits: 0 | References: 7
CNNVD
added 2024/03/28 12:00 a.m. | 4 views

HCL BigFix Platform Security Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...

CVSS 4 | AI score 6.1 | EPSS 0.0026
Exploits: 0 | References: 2
Tenable Nessus
added 2024/03/28 12:00 a.m. | 26 views

SUSE SLED15: avahi / avahi-autoipd / avahi-compat-howl-devel / etc (SUSE-SU-2024:1014-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1014-1 advisory. - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fix...

CVSS 6.2 | AI score 6.7 | EPSS 0.00314
Exploits: 0 | References: 7
OSV
added 2024/03/27 5:33 p.m. | 8 views

SUSE-SU-2024:1014-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598)...

CVSS 6.2 | AI score 7.2 | EPSS 0.00314
Exploits: 0 | References: 5
CVE
added 2024/03/26 5:19 p.m. | 181 views

CVE-2023-52621

CVE-2023-52621: In the Linux kernel, a fix was added to bpf map helpers (bpf_map_lookup_elem, bpf_map_update_elem, bpf_map_delete_elem) to check rcu_read_lock_trace_held() before use when running sleepable BPF programs. The vulnerability arises when sleepable BPF programs manipulate BPF maps unde...

CVSS 7.8 | AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 7 | Affected Software: 2