Read Time:7 Second
A 23andMe letter sent to a legal firm representing victims of the data breach claims that users were at fault for recycling passwords
Monthly Archives: January 2024
chromium-120.0.6099.199-1.el9
Read Time:23 Second
FEDORA-EPEL-2024-650d6143b5
Packages in this update:
chromium-120.0.6099.199-1.el9
Update description:
update to 120.0.6099.199
CVE-2023-6879 aom: heap-buffer-overflow on frame size change
CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz
CVE-2024-0222: Use after free in ANGLE
CVE-2024-0223: Heap buffer overflow in ANGLE
CVE-2024-0224: Use after free in WebAudio
CVE-2024-0225: Use after free in WebGPU
chromium-120.0.6099.199-1.el7
Read Time:23 Second
FEDORA-EPEL-2024-148b296f8a
Packages in this update:
chromium-120.0.6099.199-1.el7
Update description:
update to 120.0.6099.199
CVE-2023-6879 aom: heap-buffer-overflow on frame size change
CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz
CVE-2024-0222: Use after free in ANGLE
CVE-2024-0223: Heap buffer overflow in ANGLE
CVE-2024-0224: Use after free in WebAudio
CVE-2024-0225: Use after free in WebGPU
chromium-120.0.6099.199-1.el8
Read Time:23 Second
FEDORA-EPEL-2024-39ec948d57
Packages in this update:
chromium-120.0.6099.199-1.el8
Update description:
update to 120.0.6099.199
CVE-2023-6879 aom: heap-buffer-overflow on frame size change
CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz
CVE-2024-0222: Use after free in ANGLE
CVE-2024-0223: Heap buffer overflow in ANGLE
CVE-2024-0224: Use after free in WebAudio
CVE-2024-0225: Use after free in WebGPU
chromium-120.0.6099.199-1.fc38
Read Time:22 Second
FEDORA-2024-a6c2300bca
Packages in this update:
chromium-120.0.6099.199-1.fc38
Update description:
update to 120.0.6099.199
CVE-2023-6879 aom: heap-buffer-overflow on frame size change
CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz
CVE-2024-0222: Use after free in ANGLE
CVE-2024-0223: Heap buffer overflow in ANGLE
CVE-2024-0224: Use after free in WebAudio
CVE-2024-0225: Use after free in WebGPU
ZDI-24-014: Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50219.
ZDI-24-015: Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2023-50220.
ZDI-24-016: Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50221.
ZDI-24-017: Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50222.
ZDI-24-018: Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-50223.