Read Time:6 Second
FEDORA-2024-1cab90a9e7
Packages in this update:
podman-tui-1.2.3-1.fc41
Update description:
release 1.2.3
Category Archives: Advisories
Multiple Vulnerabilities in Microsoft Edge (Chromium-based) Could Allow for Arbitrary Code Execution
Read Time:29 Second
Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
buildah-1.37.5-1.fc41 containers-common-0.60.4-4.fc41 podman-5.2.5-1.fc41
Read Time:22 Second
FEDORA-2024-5a61a2fa45
Packages in this update:
buildah-1.37.5-1.fc41
containers-common-0.60.4-4.fc41
podman-5.2.5-1.fc41
Update description:
Automatic update for buildah-1.37.5-1.fc41.
Changelog for buildah
* Fri Oct 18 2024 Packit <hello@packit.dev> – 2:1.37.5-1
– Update to 1.37.5 upstream release
Fixes CVE-2024-9341, CVE-2024-9675 and CVE-2024-9676.
bugfix
chromium-130.0.6723.58-1.fc40
Read Time:41 Second
FEDORA-2024-4d80983af6
Packages in this update:
chromium-130.0.6723.58-1.fc40
Update description:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
chromium-130.0.6723.58-1.fc41
Read Time:41 Second
FEDORA-2024-3a6f9ab958
Packages in this update:
chromium-130.0.6723.58-1.fc41
Update description:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
chromium-130.0.6723.58-1.el9
Read Time:42 Second
FEDORA-EPEL-2024-01e1cef110
Packages in this update:
chromium-130.0.6723.58-1.el9
Update description:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
chromium-130.0.6723.58-1.el8
Read Time:42 Second
FEDORA-EPEL-2024-dde512d4ed
Packages in this update:
chromium-130.0.6723.58-1.el8
Update description:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
chromium-130.0.6723.58-1.fc39
Read Time:41 Second
FEDORA-2024-c0b1d26de3
Packages in this update:
chromium-130.0.6723.58-1.fc39
Update description:
Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations
ZDI-24-1420: Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2015-0250.
Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
Read Time:46 Second
What is the Vulnerability?CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability has been added to Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in Ransomware Campaigns.What is the recommended Mitigation?Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower severity vulnerabilities in Veeam Backup & Replication. https://www.veeam.com/kb4649What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard IPS protection is currently being investigated to address CVE-2024-40711.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.