Category Archives: Advisories

chromium-126.0.6478.182-1.fc39

Read Time:28 Second

FEDORA-2024-d9916cb7e2

Packages in this update:

chromium-126.0.6478.182-1.fc39

Update description:

update to 126.0.6478.182

High CVE-2024-6772: Inappropriate implementation in V8
High CVE-2024-6773: Type Confusion in V8
High CVE-2024-6774: Use after free in Screen Capture
High CVE-2024-6775: Use after free in Media Stream
High CVE-2024-6776: Use after free in Audio
High CVE-2024-6777: Use after free in Navigation
High CVE-2024-6778: Race in DevTools
High CVE-2024-6779: Out of bounds memory access in V8

Read More

USN-6901-1: stunnel vulnerability

Read Time:12 Second

It was discovered that stunnel did not properly validate client
certificates when configured to use both the redirect and verifyChain
options. A remote attacker could potentially use this issue to obtain
sensitive information by accessing the tunneled service.

Read More

ZDI-24-915: SolarWinds Access Rights Manager AddGeneratedReport Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Read Time:14 Second

This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2024-23472.

Read More

ZDI-24-914: SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Read Time:14 Second

This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-23474.

Read More

ZDI-24-913: SolarWinds Access Rights Manager deleteTransferFile Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

Read Time:14 Second

This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-23468.

Read More