This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-35303.
ZDI-24-671: (0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-5947.
ZDI-24-672: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5948.
ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5949.
ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5950.
ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-5951.
ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5952.
ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5924.
ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.
chromium-126.0.6478.55-1.fc39
FEDORA-2024-86e4115138
Packages in this update:
chromium-126.0.6478.55-1.fc39
Update description:
update to 126.0.6478.55
High CVE-2024-5830: Type Confusion in V8
High CVE-2024-5831: Use after free in Dawn
High CVE-2024-5832: Use after free in Dawn
High CVE-2024-5833: Type Confusion in V8
High CVE-2024-5834: Inappropriate implementation in Dawn
High CVE-2024-5835: Heap buffer overflow in Tab Groups
High CVE-2024-5836: Inappropriate Implementation in DevTools
High CVE-2024-5837: Type Confusion in V8
High CVE-2024-5838: Type Confusion in V8
Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
Medium CVE-2024-5840: Policy Bypass in CORS
Medium CVE-2024-5841: Use after free in V8
Medium CVE-2024-5842: Use after free in Browser UI
Medium CVE-2024-5843: Inappropriate implementation in Downloads
Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
Medium CVE-2024-5845: Use after free in Audio
Medium CVE-2024-5846: Use after free in PDFium
Medium CVE-2024-5847: Use after free in PDFium