chromium-128.0.6613.137-1.el8
FEDORA-EPEL-2024-1434b533be Packages in this update: chromium-128.0.6613.137-1.el8 Update description: update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free...
chromium-128.0.6613.137-1.fc39
FEDORA-2024-37f95ce86b Packages in this update: chromium-128.0.6613.137-1.fc39 Update description: update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free...
ZDI-24-1223: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The...
CVE-2024-25286 – RedSys – A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0
Posted by RUBEN LOPEZ HERRERA on Sep 11 Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Method Tested Version(s): 3DSecure 2.0 3DS...
CVE-2024-25285 – RedSys – 3DSecure 2.0 is vulnerable to form action hijacking
Posted by RUBEN LOPEZ HERRERA on Sep 11 Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Method Authentication Tested Version(s): 3DSecure 2.0 3DS...
CVE-2024-25284 – RedSys – Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0
Posted by RUBEN LOPEZ HERRERA on Sep 11 Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Method Tested Version(s): 3DSecure 2.0 3DS...
CVE-2024-25283 – RedSys – Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0
Posted by RUBEN LOPEZ HERRERA on Sep 11 Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Authorization Challenge Tested Version(s): 3DSecure 2.0 3DS...
CVE-2024-25282 – RedSys – 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication
Posted by RUBEN LOPEZ HERRERA on Sep 11 Product: 3DSecure 2.0 Manufacturer: Redsys Affected Version(s): 3DSecure 2.0 3DS Method Authentication Tested Version(s): 3DSecure 2.0 3DS...
libopenmpt-0.7.9-1.el8
FEDORA-EPEL-2024-a72ba05853 Packages in this update: libopenmpt-0.7.9-1.el8 Update description: libopenmpt 0.7.9 (2024-07-21) [Sec] Potential division by 0 when seeking in the module with seek.sync_samples enabled (r21167)....
libopenmpt-0.7.9-1.el9
FEDORA-EPEL-2024-45ce2e6776 Packages in this update: libopenmpt-0.7.9-1.el9 Update description: libopenmpt 0.7.9 (2024-07-21) [Sec] Potential division by 0 when seeking in the module with seek.sync_samples enabled (r21167)....