
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes Disclosed 06/11/2024 Created 09/17/2024 Description CVE-2024-30088 is a Windows Kernel Elevation of Privilege Vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called `AuthzBasepCopyoutInternalSecurityAttributes`, specifically when the kernel copies the `_AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION` of the current token object to user mode. When the kernel performs the copy of the `SecurityAttributesList`, it sets up the list of the SecurityAttribute's structure directly to the user-supplied pointer. It then calls `RtlCopyUnicodeString` and `AuthzBasepCopyoutInternalSecurityAttributeValues` to copy out the names and values of the `SecurityAttribute`, leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function. Author(s) tykawaii98 jheysel-r7 Platform Windows Architectures x64
  2. MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5690) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/30/2025 Description By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5690 CVE - 2024-5690 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html
  3. Microsoft Windows: CVE-2024-30072: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30072 CVE - 2024-30072 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039236
  4. Microsoft Windows: CVE-2024-30095: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30095 CVE - 2024-30095 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  5. Microsoft Windows: CVE-2024-30077: Windows OLE Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 12/10/2024 Description Windows OLE Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_11-24h2-kb5043080 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30077 CVE - 2024-30077 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294 https://support.microsoft.com/help/5043080
  6. Microsoft Windows: CVE-2024-30087: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30087 CVE - 2024-30087 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  7. Microsoft Windows: CVE-2024-30093: Windows Storage Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Storage Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30093 CVE - 2024-30093 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  8. MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5688) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/17/2024 Description If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5688 CVE - 2024-5688 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html
  9. Microsoft Windows: CVE-2024-30094: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30094 CVE - 2024-30094 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  10. MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5699) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/13/2024 Description In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5699 CVE - 2024-5699 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html
  11. Microsoft Windows: CVE-2024-30090: Microsoft Streaming Service Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Microsoft Streaming Service Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30090 CVE - 2024-30090 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  12. Microsoft CVE-2024-30075: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 06/13/2024 Description Microsoft CVE-2024-30075: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability Solution(s) msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30075 CVE - 2024-30075 5039245 5039266 5039274 5039289
  13. Microsoft Windows: CVE-2024-30086: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30086 CVE - 2024-30086 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
  14. MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5692) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/17/2024 Description On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) mozilla-firefox-upgrade-127_0 References https://attackerkb.com/topics/cve-2024-5692 CVE - 2024-5692 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html
  15. SUSE: CVE-2024-5840: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5840 CVE - 2024-5840
  16. SUSE: CVE-2024-5838: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5838 CVE - 2024-5838
  17. SUSE: CVE-2024-5693: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 07/12/2024 Description Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5693 CVE - 2024-5693
  18. SUSE: CVE-2024-5702: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 07/12/2024 Description Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5702 CVE - 2024-5702
  19. SUSE: CVE-2024-5692: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 07/12/2024 Description On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5692 CVE - 2024-5692
  20. SUSE: CVE-2024-5847: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5847 CVE - 2024-5847
  21. SUSE: CVE-2024-5845: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5845 CVE - 2024-5845
  22. SUSE: CVE-2024-5846: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5846 CVE - 2024-5846
  23. SUSE: CVE-2024-5690: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 01/30/2025 Description By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5690 CVE - 2024-5690
  24. SUSE: CVE-2024-5831: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5831 CVE - 2024-5831
  25. SUSE: CVE-2024-5836: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-5836 CVE - 2024-5836