Lucene search

9137 matches found

Tenable Nessus
•added 2024/11/14 12:0 a.m.•18 views

Fedora 41 : chromium (2024-3a6f9ab958)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a6f9ab958 advisory. Update to 130.0.6723.58 High CVE-2024-9954: Use after free in AI Medium CVE-2024-9955: Use after free in Web Authentication Medium CVE-2024-9956:...

CVSS 8.8, AI score 6.5, EPSS 0.06295
Exploits 3, References 14
RedHat Linux
•added 2024/11/13 3:30 p.m.•19 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8, AI score 7.4, EPSS 0.03512
Exploits 0, References 3
NVD
•added 2024/11/12 9:15 p.m.•13 views

CVE-2024-11114

Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.3, EPSS 0.00337
Exploits 1, References 2
NVD
•added 2024/11/12 9:15 p.m.•18 views

CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, EPSS 0.00322
Exploits 0, References 2
Cvelist
•added 2024/11/12 8:9 p.m.•14 views

CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00322
Exploits 0, References 2
CVE
•added 2024/11/12 8:9 p.m.•301 views

CVE-2024-11114

CVE-2024-11114 affects Google Chrome/Chromium on Windows, due to an inappropriate implementation in the Views module that can allow a remote attacker who has compromised the renderer to perform a sandbox escape via a crafted HTML page. Affected product/component: Chrome/Chromium rendering/Views. ...

CVSS 8.3, AI score 6.5, EPSS 0.00337
Exploits 1, References 2, Affected Software 1
CVE
•added 2024/11/12 8:9 p.m.•343 views

CVE-2024-11116

CVE-2024-11116 affects Google Chrome (Blink) prior to version 131.0.6778.69. The issue arises from an inappropriate implementation in Blink that allows a remote attacker to induce UI spoofing via a crafted HTML page when a user is guided to perform specific UI gestures. Exploitation details or in...

CVSS 4.3, AI score 6.2, EPSS 0.00322
Exploits 0, References 2, Affected Software 1
Debian CVE
•added 2024/11/12 8:9 p.m.•15 views

CVE-2024-11114

Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.3, AI score 5.3, EPSS 0.00337
Exploits 1
Debian CVE
•added 2024/11/12 8:9 p.m.•14 views

CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, AI score 4.8, EPSS 0.00322
Exploits 0
Vulnrichment
•added 2024/11/12 8:9 p.m.•13 views

CVE-2024-11111

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 6.1, EPSS 0.00339
Exploits 1, References 2
Vulnrichment
•added 2024/11/12 4:33 p.m.•18 views

CVE-2024-9999 Multi-Factor Authentication Bypass in Progress WS_FTP Server

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only...

CVSS 6.5, AI score 7.3, EPSS 0.00413
Exploits 1, References 2
RedHat Linux
•added 2024/11/12 9:21 a.m.•1 views

golang: archive/zip: Incorrect handling of certain ZIP files

A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...

CVSS 5.5, AI score 7.3, EPSS 0.00443
Exploits 0, References 4
RedHat Linux
•added 2024/11/12 8:46 a.m.•16 views

Moderate: Red Hat Security Advisory: jose security update

An update for jose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5, AI score 6.7, EPSS 0.02085
Exploits 1, References 5
RedhatCVE
•added 2024/11/12 1:12 a.m.•13 views

CVE-2024-46951

A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space...

CVSS 7.8, AI score 7.9, EPSS 0.00356
Exploits 0, References 7
Tenable Nessus
•added 2024/11/12 12:0 a.m.•18 views

Google Chrome < 131.0.6778.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 131.0.6778.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202411stable-channel-update-for-desktop12 advisory. - Insufficient policy enforcement in Navigation in Google Chrome on iOS prior ...

CVSS 8.8, AI score 6.2, EPSS 0.00362
Exploits 2, References 17
Kaspersky
•added 2024/11/12 12:0 a.m.•17 views

KLA77062 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Blink can be...

CVSS 8.8, AI score 8.4, EPSS 0.00362
Exploits 2, References 3
Broadcom
•added 2024/11/12 12:0 a.m.•24 views

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC (message authentication code) implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions (PowerISA 2.07). The impact of the corrupted...

CVSS 5.9, AI score 6.8, EPSS 0.02323
Exploits 0
Tenable Nessus
•added 2024/11/12 12:0 a.m.•13 views

Google Chrome < 131.0.6778.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 131.0.6778.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202411stable-channel-update-for-desktop12 advisory. - Insufficient policy enforcement in Navigation in Google Chrome on iOS prio...

CVSS 8.8, AI score 6.2, EPSS 0.00362
Exploits 2, References 17
FreeBSD
•added 2024/11/12 12:0 a.m.•16 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 373263969 High CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin Slonser of Solidlab on 2024-10-14 360520331 Medium CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra...

CVSS 8.8, AI score 9.3, EPSS 0.00362
Exploits 2, References 1
Redos
•added 2024/11/12 12:0 a.m.•12 views

ROS-20241112-01

An implementation vulnerability in the Simple Authentication and Security Layer GNU SASL framework is related to reading outside the allocated space on the GNU SASL libgsasl server side using a malicious authenticated GSS-API client. Exploitation of the vulnerability could allow an...

CVSS 8.1, AI score 6.6, EPSS 0.01091
Exploits 0