Category Archives: Advisories

ZDI-24-1203: Adobe Photoshop JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-43760.

Read More

ZDI-24-1202: Adobe After Effects AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39381.

Read More

ZDI-24-1201: Adobe Premiere Pro AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39384.

Read More

ZDI-24-1200: Adobe Media Encoder AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39377.

Read More

ZDI-24-1199: Adobe After Effects AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39382.

Read More

ZDI-24-1198: Adobe Premiere Pro AVI File Parsing Use-After-Free Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39385.

Read More

OXAS-ADV-2024-0005: OX App Suite Security Advisory

Read Time:23 Second

Posted by Martin Heiland via Fulldisclosure on Sep 09

Dear subscribers,

We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html.

Yours sincerely,
Martin Heiland, Open-Xchange…

Read More

bluez-5.78-1.fc41 iwd-2.21-1.fc41 libell-0.69-1.fc41

Read Time:53 Second

FEDORA-2024-acb9425c93

Packages in this update:

bluez-5.78-1.fc41
iwd-2.21-1.fc41
libell-0.69-1.fc41

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.

Read More

bluez-5.78-1.fc40 iwd-2.21-1.fc40 libell-0.69-1.fc40

Read Time:53 Second

FEDORA-2024-223428e702

Packages in this update:

bluez-5.78-1.fc40
iwd-2.21-1.fc40
libell-0.69-1.fc40

Update description:

libell 0.69:

Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.

iwd 2.21:

Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.

bluez 5.78:

Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.

Read More