Category Archives: Advisories

ZDI-24-1203: Adobe Photoshop JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-43760.

ZDI-24-1202: Adobe After Effects AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39381.

ZDI-24-1201: Adobe Premiere Pro AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39384.

ZDI-24-1200: Adobe Media Encoder AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39377.

ZDI-24-1199: Adobe After Effects AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39382.

ZDI-24-1198: Adobe Premiere Pro AVI File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39385.

ZDI-24-1197: Adobe Audition AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39378.

OXAS-ADV-2024-0005: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Sep 09

Dear subscribers,

We’re sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html.

Yours sincerely,
Martin Heiland, Open-Xchange…

bluez-5.78-1.fc41 iwd-2.21-1.fc41 libell-0.69-1.fc41

FEDORA-2024-acb9425c93

Packages in this update:

bluez-5.78-1.fc41
iwd-2.21-1.fc41
libell-0.69-1.fc41

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS.
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.

bluez-5.78-1.fc40 iwd-2.21-1.fc40 libell-0.69-1.fc40

FEDORA-2024-223428e702

Packages in this update:

bluez-5.78-1.fc40
iwd-2.21-1.fc40
libell-0.69-1.fc40

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS.
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.
