This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23131.
Category Archives: Advisories
ZDI-24-756: Autodesk AutoCAD SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-37004.
chromium-126.0.6478.55-1.fc39
FEDORA-2024-86e4115138
Packages in this update:
chromium-126.0.6478.55-1.fc39
Update description:
update to 126.0.6478.55
High CVE-2024-5830: Type Confusion in V8
High CVE-2024-5831: Use after free in Dawn
High CVE-2024-5832: Use after free in Dawn
High CVE-2024-5833: Type Confusion in V8
High CVE-2024-5834: Inappropriate implementation in Dawn
High CVE-2024-5835: Heap buffer overflow in Tab Groups
High CVE-2024-5836: Inappropriate Implementation in DevTools
High CVE-2024-5837: Type Confusion in V8
High CVE-2024-5838: Type Confusion in V8
Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
Medium CVE-2024-5840: Policy Bypass in CORS
Medium CVE-2024-5841: Use after free in V8
Medium CVE-2024-5842: Use after free in Browser UI
Medium CVE-2024-5843: Inappropriate implementation in Downloads
Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
Medium CVE-2024-5845: Use after free in Audio
Medium CVE-2024-5846: Use after free in PDFium
Medium CVE-2024-5847: Use after free in PDFium
chromium-126.0.6478.55-1.fc40
FEDORA-2024-5acee8c47f
Packages in this update:
chromium-126.0.6478.55-1.fc40
Update description:
update to 126.0.6478.55
High CVE-2024-5830: Type Confusion in V8
High CVE-2024-5831: Use after free in Dawn
High CVE-2024-5832: Use after free in Dawn
High CVE-2024-5833: Type Confusion in V8
High CVE-2024-5834: Inappropriate implementation in Dawn
High CVE-2024-5835: Heap buffer overflow in Tab Groups
High CVE-2024-5836: Inappropriate Implementation in DevTools
High CVE-2024-5837: Type Confusion in V8
High CVE-2024-5838: Type Confusion in V8
Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
Medium CVE-2024-5840: Policy Bypass in CORS
Medium CVE-2024-5841: Use after free in V8
Medium CVE-2024-5842: Use after free in Browser UI
Medium CVE-2024-5843: Inappropriate implementation in Downloads
Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
Medium CVE-2024-5845: Use after free in Audio
Medium CVE-2024-5846: Use after free in PDFium
Medium CVE-2024-5847: Use after free in PDFium
chromium-126.0.6478.55-1.el9
FEDORA-EPEL-2024-3be7c643a4
Packages in this update:
chromium-126.0.6478.55-1.el9
Update description:
update to 126.0.6478.55
* High CVE-2024-5830: Type Confusion in V8
* High CVE-2024-5831: Use after free in Dawn
* High CVE-2024-5832: Use after free in Dawn
* High CVE-2024-5833: Type Confusion in V8
* High CVE-2024-5834: Inappropriate implementation in Dawn
* High CVE-2024-5835: Heap buffer overflow in Tab Groups
* High CVE-2024-5836: Inappropriate Implementation in DevTools
* High CVE-2024-5837: Type Confusion in V8
* High CVE-2024-5838: Type Confusion in V8
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* Medium CVE-2024-5840: Policy Bypass in CORS
* Medium CVE-2024-5841: Use after free in V8
* Medium CVE-2024-5842: Use after free in Browser UI
* Medium CVE-2024-5843: Inappropriate implementation in Downloads
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
* Medium CVE-2024-5845: Use after free in Audio
* Medium CVE-2024-5846: Use after free in PDFium
* Medium CVE-2024-5847: Use after free in PDFium
chromium-126.0.6478.55-1.el7
FEDORA-EPEL-2024-772a5fa32d
Packages in this update:
chromium-126.0.6478.55-1.el7
Update description:
update to 126.0.6478.55
* High CVE-2024-5830: Type Confusion in V8
* High CVE-2024-5831: Use after free in Dawn
* High CVE-2024-5832: Use after free in Dawn
* High CVE-2024-5833: Type Confusion in V8
* High CVE-2024-5834: Inappropriate implementation in Dawn
* High CVE-2024-5835: Heap buffer overflow in Tab Groups
* High CVE-2024-5836: Inappropriate Implementation in DevTools
* High CVE-2024-5837: Type Confusion in V8
* High CVE-2024-5838: Type Confusion in V8
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* Medium CVE-2024-5840: Policy Bypass in CORS
* Medium CVE-2024-5841: Use after free in V8
* Medium CVE-2024-5842: Use after free in Browser UI
* Medium CVE-2024-5843: Inappropriate implementation in Downloads
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
* Medium CVE-2024-5845: Use after free in Audio
* Medium CVE-2024-5846: Use after free in PDFium
* Medium CVE-2024-5847: Use after free in PDFium
chromium-126.0.6478.55-1.el8
FEDORA-EPEL-2024-6062617208
Packages in this update:
chromium-126.0.6478.55-1.el8
Update description:
update to 126.0.6478.55
* High CVE-2024-5830: Type Confusion in V8
* High CVE-2024-5831: Use after free in Dawn
* High CVE-2024-5832: Use after free in Dawn
* High CVE-2024-5833: Type Confusion in V8
* High CVE-2024-5834: Inappropriate implementation in Dawn
* High CVE-2024-5835: Heap buffer overflow in Tab Groups
* High CVE-2024-5836: Inappropriate Implementation in DevTools
* High CVE-2024-5837: Type Confusion in V8
* High CVE-2024-5838: Type Confusion in V8
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* Medium CVE-2024-5840: Policy Bypass in CORS
* Medium CVE-2024-5841: Use after free in V8
* Medium CVE-2024-5842: Use after free in Browser UI
* Medium CVE-2024-5843: Inappropriate implementation in Downloads
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
* Medium CVE-2024-5845: Use after free in Audio
* Medium CVE-2024-5846: Use after free in PDFium
* Medium CVE-2024-5847: Use after free in PDFium
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
ZDI-24-610: Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-52335.
ZDI-24-609: Microsoft Windows Menu DC Pen Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30082.