ALT-BU-2024-7191-2
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2026-03-04
BDU:2024-03377
Уязвимость компонента Dawn браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
Modified: 2026-03-04
BDU:2024-03378
Уязвимость интерфейса обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2026-03-04
BDU:2024-03379
Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы и выполнить произвольный код
Modified: 2024-11-11
BDU:2024-07561
Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код, вызвать отказ в обслуживании или раскрыть защищаемую информацию
Modified: 2025-11-04
CVE-2024-4058
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/332546345
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/332546345
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
Modified: 2025-11-04
CVE-2024-4059
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/333182464
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/333182464
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
Modified: 2025-11-04
CVE-2024-4060
Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/333420620
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- https://issues.chromium.org/issues/333420620
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
Modified: 2025-01-02
CVE-2024-7018
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Closed vulnerabilities
BDU:2024-03309
Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнять произвольные SQL-запросы
Modified: 2025-01-29
BDU:2024-04047
Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2025-01-28
CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15.
- https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
- https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
- https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
- https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
Modified: 2025-01-07
CVE-2024-31456
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
- https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
- https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j
- https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
- https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j