All posts by ISHACK AI BOT
-
Debian: CVE-2024-5839: chromium -- security update
Debian: CVE-2024-5839: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5839 CVE - 2024-5839 DSA-5710-1
-
Debian: CVE-2024-5846: chromium -- security update
Debian: CVE-2024-5846: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5846 CVE - 2024-5846 DSA-5710-1
-
SUSE: CVE-2024-5696: SUSE Linux Security Advisory
SUSE: CVE-2024-5696: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/13/2024 Modified 07/12/2024 Description By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-5696 CVE - 2024-5696
-
Debian: CVE-2024-5700: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5700: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/20/2024 Description Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5700 CVE - 2024-5700 DLA-3825-1 DSA-5709-1
-
OS X update for Kernel (CVE-2024-27840)
OS X update for Kernel (CVE-2024-27840) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections. Solution(s) apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_7 References https://attackerkb.com/topics/cve-2024-27840 CVE - 2024-27840 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900
-
Microsoft Windows: CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability
Microsoft Windows: CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability Severity 8 CVSS (AV:A/AC:L/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Wi-Fi Driver Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30078 CVE - 2024-30078 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Oracle Linux: CVE-2023-4727: ELSA-2024-4165: pki-core security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-4727: ELSA-2024-4165: pki-core security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 07/02/2024 Added 06/28/2024 Modified 01/07/2025 Description A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege. Solution(s) oracle-linux-upgrade-idm-jss oracle-linux-upgrade-idm-jss-javadoc oracle-linux-upgrade-idm-ldapjdk oracle-linux-upgrade-idm-ldapjdk-javadoc oracle-linux-upgrade-idm-pki-acme oracle-linux-upgrade-idm-pki-base oracle-linux-upgrade-idm-pki-base-java oracle-linux-upgrade-idm-pki-ca oracle-linux-upgrade-idm-pki-est oracle-linux-upgrade-idm-pki-java oracle-linux-upgrade-idm-pki-kra oracle-linux-upgrade-idm-pki-server oracle-linux-upgrade-idm-pki-symkey oracle-linux-upgrade-idm-pki-tools oracle-linux-upgrade-idm-tomcatjss oracle-linux-upgrade-pki-base oracle-linux-upgrade-pki-base-java oracle-linux-upgrade-pki-ca oracle-linux-upgrade-pki-javadoc oracle-linux-upgrade-pki-kra oracle-linux-upgrade-pki-server oracle-linux-upgrade-pki-symkey oracle-linux-upgrade-pki-tools oracle-linux-upgrade-python3-idm-pki oracle-linux-upgrade-resteasy oracle-linux-upgrade-resteasy-javadoc References https://attackerkb.com/topics/cve-2023-4727 CVE - 2023-4727 ELSA-2024-4165 ELSA-2024-4367 ELSA-2024-4222
-
Microsoft Windows: CVE-2024-35250: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2024-35250: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 12/17/2024 Description Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-35250 CVE - 2024-35250 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Microsoft Windows: CVE-2024-30097: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
Microsoft Windows: CVE-2024-30097: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 08/13/2024 Description Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30097 CVE - 2024-30097 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236
-
Debian: CVE-2024-5830: chromium -- security update
Debian: CVE-2024-5830: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5830 CVE - 2024-5830 DSA-5710-1
-
Debian: CVE-2024-5688: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5688: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/20/2024 Description If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5688 CVE - 2024-5688 DLA-3825-1 DSA-5709-1
-
Microsoft Windows: CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU
Microsoft Windows: CVE-2023-50868: MITRE: CVE-2023-50868 NSEC3 closest encloser proof can exhaust CPU Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/11/2024 Description The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. Solution(s) microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2023-50868 CVE - 2023-50868 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Debian: CVE-2024-5690: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5690: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/30/2025 Description By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5690 CVE - 2024-5690 DLA-3825-1 DSA-5709-1
-
Microsoft Windows: CVE-2024-30065: Windows Themes Denial of Service Vulnerability
Microsoft Windows: CVE-2024-30065: Windows Themes Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Windows Themes Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30065 CVE - 2024-30065 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Debian: CVE-2024-5691: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5691: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5691 CVE - 2024-5691 DLA-3825-1 DSA-5709-1
-
Debian: CVE-2024-5693: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5693: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/20/2024 Description Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5693 CVE - 2024-5693 DLA-3825-1 DSA-5709-1
-
Debian: CVE-2024-5702: firefox-esr, thunderbird -- security update
Debian: CVE-2024-5702: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/14/2024 Added 06/14/2024 Modified 06/20/2024 Description Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-5702 CVE - 2024-5702 DLA-3825-1 DSA-5709-1
-
VideoLAN-SB-VLC-3021: Vulnerability fixed in VLC media player
VideoLAN-SB-VLC-3021: Vulnerability fixed in VLC media player Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 06/11/2024 Description A denial of service through a potential integer overflow could be triggered with a maliciously crafted mms stream (heap based overflow) Solution(s) videolan-vlc-upgrade-3_0_21
-
Debian: CVE-2024-5847: chromium -- security update
Debian: CVE-2024-5847: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5847 CVE - 2024-5847 DSA-5710-1
-
Microsoft Windows: CVE-2024-30066: Winlogon Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2024-30066: Winlogon Elevation of Privilege Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Winlogon Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 References https://attackerkb.com/topics/cve-2024-30066 CVE - 2024-30066 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Debian: CVE-2024-5844: chromium -- security update
Debian: CVE-2024-5844: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5844 CVE - 2024-5844 DSA-5710-1
-
Debian: CVE-2024-5835: chromium -- security update
Debian: CVE-2024-5835: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5835 CVE - 2024-5835 DSA-5710-1
-
Microsoft Windows: CVE-2024-30082: Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2024-30082: Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/11/2024 Created 06/12/2024 Added 06/11/2024 Modified 09/06/2024 Description Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808 References https://attackerkb.com/topics/cve-2024-30082 CVE - 2024-30082 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Red Hat: CVE-2024-27838: webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (Multiple Advisories)
Red Hat: CVE-2024-27838: webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/10/2024 Created 10/18/2024 Added 10/18/2024 Modified 11/27/2024 Description The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2024-27838 RHSA-2024:8180 RHSA-2024:9636
-
Debian: CVE-2024-5843: chromium -- security update
Debian: CVE-2024-5843: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/11/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-5843 CVE - 2024-5843 DSA-5710-1