Read Time:5 Second
Endor Labs claims security patches can break underlying open source software 75% of the time
Daily Archives: September 12, 2024
arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8 arm-none-eabi-newlib-4.4.0.20231231-1.el8
Read Time:18 Second
FEDORA-EPEL-2024-31d4c55df0
Packages in this update:
arm-none-eabi-binutils-cs-2.43-1.el8
arm-none-eabi-gcc-cs-12.4.0-1.el8
arm-none-eabi-newlib-4.4.0.20231231-1.el8
Update description:
newlib updated to 4.4.0.20231231 to fix CVE-2024-30949, binutils updated to 2.43, gcc to 12.4.0
arm-none-eabi-binutils-cs-2.43-1.el9 arm-none-eabi-gcc-cs-12.4.0-1.el9 arm-none-eabi-newlib-4.4.0.20231231-1.el9
Read Time:18 Second
FEDORA-EPEL-2024-02a5043c77
Packages in this update:
arm-none-eabi-binutils-cs-2.43-1.el9
arm-none-eabi-gcc-cs-12.4.0-1.el9
arm-none-eabi-newlib-4.4.0.20231231-1.el9
Update description:
newlib updated to 4.4.0.20231231 to fix CVE-2024-30949, binutils updated to 2.43, gcc to 12.4.0
chromium-128.0.6613.137-1.el9
Read Time:18 Second
FEDORA-EPEL-2024-c10cc04f69
Packages in this update:
chromium-128.0.6613.137-1.el9
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc40
Read Time:18 Second
FEDORA-2024-0a4a65f805
Packages in this update:
chromium-128.0.6613.137-1.fc40
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc41
Read Time:18 Second
FEDORA-2024-9e85c72624
Packages in this update:
chromium-128.0.6613.137-1.fc41
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.el8
Read Time:18 Second
FEDORA-EPEL-2024-1434b533be
Packages in this update:
chromium-128.0.6613.137-1.el8
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
chromium-128.0.6613.137-1.fc39
Read Time:18 Second
FEDORA-2024-37f95ce86b
Packages in this update:
chromium-128.0.6613.137-1.fc39
Update description:
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
ZDI-24-1223: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-29847.
CVE-2024-25286 – RedSys – A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0
Read Time:23 Second
Posted by RUBEN LOPEZ HERRERA on Sep 11
Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25286
Overview:
A Cross-Site Request Forgery (CSRF) vulnerability was…