This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39381.
Category Archives: Advisories
ZDI-24-1201: Adobe Premiere Pro AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39384.
ZDI-24-1200: Adobe Media Encoder AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39377.
ZDI-24-1199: Adobe After Effects AVI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39382.
ZDI-24-1198: Adobe Premiere Pro AVI File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-39385.
ZDI-24-1197: Adobe Audition AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39378.
OXAS-ADV-2024-0005: OX App Suite Security Advisory
Posted by Martin Heiland via Fulldisclosure on Sep 09
Dear subscribers,
We’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.
This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0005.html.
Yours sincerely,
Martin Heiland, Open-Xchange…
bluez-5.78-1.fc41 iwd-2.21-1.fc41 libell-0.69-1.fc41
FEDORA-2024-acb9425c93
Packages in this update:
bluez-5.78-1.fc41
iwd-2.21-1.fc41
libell-0.69-1.fc41
Update description:
libell 0.69:
Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.
iwd 2.21:
Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.
bluez 5.78:
Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.
bluez-5.78-1.fc40 iwd-2.21-1.fc40 libell-0.69-1.fc40
FEDORA-2024-223428e702
Packages in this update:
bluez-5.78-1.fc40
iwd-2.21-1.fc40
libell-0.69-1.fc40
Update description:
libell 0.69:
Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.
iwd 2.21:
Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.
bluez 5.78:
Fix issue with handling notification of scanned BISes to BASS
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.
linux-firmware-20240909-1.fc39
FEDORA-2024-3dbf10c949
Packages in this update:
linux-firmware-20240909-1.fc39
Update description:
Update to upstream 20240909:
i915: Update MTL DMC v2.23
cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
amdgpu: Revert sienna cichlid dmcub firmware update
iwlwifi: add Bz FW for core89-58 release
rtl_nic: add firmware rtl8126a-3
update MT7921 WiFi/bluetooth device firmware
amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
amdgpu: DMCUB updates forvarious AMDGPU ASICs
rtw89: 8922a: add fw format-1 v0.35.41.0
update MT7925 WiFi/bluetooth device firmware
rtl_bt: Add firmware and config files for RTL8922A
rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
rtl_bt: de-dupe identical config.bin files
rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
Update AMD SEV firmware
update firmware for MT7996
Revert “i915: Update MTL DMC v2.22”
ath12k: WCN7850 hw2.0: update board-2.bin
ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
ath11k: WCN6855 hw2.0: update board-2.bin
ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
ath11k: QCA2066 hw2.1: add board-2.bin
ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
qcom: vpu: add video firmware for sa8775p
amdgpu: DMCUB updates for various AMDGPU ASICs