This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-20734.
Category Archives: Advisories
ZDI-24-166: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-20736.
ZDI-24-165: Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21412.
ZDI-24-164: Microsoft Office Word PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21379.
syncthing-1.27.3-1.el8
FEDORA-EPEL-2024-10430622fd
Packages in this update:
syncthing-1.27.3-1.el8
Update description:
Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go: https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
syncthing-1.27.3-1.el9
FEDORA-EPEL-2024-f808902932
Packages in this update:
syncthing-1.27.3-1.el9
Update description:
Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go: https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
syncthing-1.27.3-1.fc39
FEDORA-2024-c46536abe6
Packages in this update:
syncthing-1.27.3-1.fc39
Update description:
Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go: https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
syncthing-1.27.3-1.fc38
FEDORA-2024-b93312a597
Packages in this update:
syncthing-1.27.3-1.fc38
Update description:
Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go: https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
freeglut-3.4.0-7.fc38
FEDORA-2024-0356803680
Packages in this update:
freeglut-3.4.0-7.fc38
Update description:
Patch for CVE-2024-24258 and CVE-2024-24259
freeglut-3.4.0-7.fc39
FEDORA-2024-b69a4d75a1
Packages in this update:
freeglut-3.4.0-7.fc39
Update description:
Patch for CVE-2024-24258 and CVE-2024-24259