This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21411.
ZDI-24-292: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20745.
ZDI-24-291: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20752.
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897)
What is the Vulnerability?
Cyber threat actors are actively targeting Jenkins, a Java-based open-source automation server widely used by application developers. The critical vulnerability, tracked as CVE-2024-23897, could enable remote code execution (RCE), potentially leading to unauthorized access and data compromise. Exploiting this vulnerability allows attackers to read any file on the Jenkins controller file system. The FortiRecon ACI service has observed active and recent discussions of it on the Dark Web. A Proof of Concept (PoC) exploit has also been made publicly available, which makes continuous monitoring of this vulnerability crucial, as further exploitation activity is likely.
What is the Vendor Solution?
Jenkins released a security advisory about this vulnerability on January 24, 2024.
What FortiGuard Coverage is available?
FortiGuard Labs has provided protection via the IPS signature “Jenkins.LTS.Command.Line.Interface.Arbitrary.File.Read”, released in early February, which detects and blocks attack attempts targeting this vulnerability (CVE-2024-23897).
FortiGuard Labs advises organizations to apply the latest Jenkins security updates and patches.
DSA-5639-1 chromium – security update
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
libuev-2.4.1-1.el9
FEDORA-EPEL-2024-42a2a0f9b6
Packages in this update:
libuev-2.4.1-1.el9
Update description:
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc38
FEDORA-2024-75e1256954
Packages in this update:
libuev-2.4.1-1.fc38
Update description:
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc39
FEDORA-2024-d6a850992f
Packages in this update:
libuev-2.4.1-1.fc39
Update description:
Security fix for CVE-2022-48620
libuev-2.4.1-1.fc40
FEDORA-2024-40fbf3ee48
Packages in this update:
libuev-2.4.1-1.fc40
Update description:
Security fix for CVE-2022-48620
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Experience Manager is an all-in-one software suite used for content and asset management.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications.
Adobe Bridge is used to preview, organize, edit, and publish assets.
Adobe Lightroom is a photo editing and storage application available through the Adobe Creative Cloud.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.