Category Archives: Advisories

chromium-128.0.6613.137-1.el9

Read Time:18 Second

FEDORA-EPEL-2024-c10cc04f69

Packages in this update:

chromium-128.0.6613.137-1.el9

Update description:

update to 128.0.6613.137

* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill

Read More

chromium-128.0.6613.137-1.fc41

Read Time:18 Second

FEDORA-2024-9e85c72624

Packages in this update:

chromium-128.0.6613.137-1.fc41

Update description:

update to 128.0.6613.137

* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill

Read More

chromium-128.0.6613.137-1.el8

Read Time:18 Second

FEDORA-EPEL-2024-1434b533be

Packages in this update:

chromium-128.0.6613.137-1.el8

Update description:

update to 128.0.6613.137

* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill

Read More

chromium-128.0.6613.137-1.fc39

Read Time:18 Second

FEDORA-2024-37f95ce86b

Packages in this update:

chromium-128.0.6613.137-1.fc39

Update description:

update to 128.0.6613.137

* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill

Read More

CVE-2024-25286 – RedSys – A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Authorization Method of 3DSecure 2.0

Read Time:23 Second

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25286

Overview:
A Cross-Site Request Forgery (CSRF) vulnerability was…

Read More

CVE-2024-25285 – RedSys – 3DSecure 2.0 is vulnerable to form action hijacking

Read Time:23 Second

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Method Authentication
Tested Version(s): 3DSecure 2.0 3DS Method Authentication
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25285

Overview:
3DSecure 2.0 is vulnerable to form action hijacking via the…

Read More

CVE-2024-25284 – RedSys – Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0

Read Time:22 Second

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Method
Tested Version(s): 3DSecure 2.0 3DS Authorization Method
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25284

Overview:
Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in…

Read More

CVE-2024-25283 – RedSys – Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure 2.0

Read Time:22 Second

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Authorization Challenge
Tested Version(s): 3DSecure 2.0 3DS Authorization Challenge
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25283

Overview:
Multiple reflected Cross-Site Scripting (XSS)…

Read More

CVE-2024-25282 – RedSys – 3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its 3DSMethod Authentication

Read Time:24 Second

Posted by RUBEN LOPEZ HERRERA on Sep 11

Product: 3DSecure 2.0
Manufacturer: Redsys
Affected Version(s): 3DSecure 2.0 3DS Method Authentication
Tested Version(s): 3DSecure 2.0 3DS Method Authentication
Vulnerability Type: Cross-Site Scripting (XSS)
Risk Level: Medium
Solution Status: Not yet fixed
Manufacturer Notification: 2024-01-17
Solution Date: N/A
Public Disclosure: 2024-09-17
CVE Reference: CVE-2024-25282

Overview:
3DSecure 2.0 is vulnerable to Cross-Site Scripting (XSS) in its…

Read More