Category Archives: Advisories
chromium-121.0.6167.139-1.el9
FEDORA-EPEL-2024-2dd0ef9006
Packages in this update:
chromium-121.0.6167.139-1.el9
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
chromium-121.0.6167.139-2.el8
FEDORA-EPEL-2024-44e34a2f20
Packages in this update:
chromium-121.0.6167.139-2.el8
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
Atlassian Confluence Remote Code Execution (CVE-2023-22527)
What is the Vulnerability?
On Jan 16, 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical).
What is the Vendor Solution?
Atlassian strongly recommends applying the latest available version, as listed in its advisory.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature, “Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution”, in place for CVE-2023-22527. FortiGuard is seeing active exploitation attempts against this vulnerability.
USN-6621-1: ImageMagick vulnerability
It was discovered that ImageMagick incorrectly handled certain values when
processing BMP files. An attacker could exploit this to cause a denial of
service.
wireshark-4.0.12-1.fc39
FEDORA-2024-b72131479b
Packages in this update:
wireshark-4.0.12-1.fc39
Update description:
New version 4.0.12. Includes fixes for CVE-2023-5371, CVE-2023-6174, CVE-2023-6175, CVE-2024-0208.
wireshark-4.0.12-1.fc38
FEDORA-2024-fdc7dfb959
Packages in this update:
wireshark-4.0.12-1.fc38
Update description:
New version 4.0.12. Includes fixes for CVE-2023-5371, CVE-2023-6174, CVE-2023-6175, CVE-2024-0208.
freerdp-2.11.5-1.fc38
FEDORA-2024-f294ddb7fb
Packages in this update:
freerdp-2.11.5-1.fc38
Update description:
Update to 2.11.5
freerdp-2.11.5-1.fc39
FEDORA-2024-01689e51e5
Packages in this update:
freerdp-2.11.5-1.fc39
Update description:
Update to 2.11.5
runc-1.1.12-1.fc38
FEDORA-2024-9044c9eefa
Packages in this update:
runc-1.1.12-1.fc38
Update description:
Security fix for CVE-2024-21626