Last week, Adobe released a slew of security updates to address a total of 13 vulnerabilities affecting its Bridge, Prelude and Photoshop applications.
Of the five vulnerabilities addressed in Photoshop, two are out-of-bounds read bugs (CVE-2020-9683 and CVE-2020-9686) that allow an attacker to gain access to sensitive information, while the other three are out-of-bounds write bugs (CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687) that could be exploited for remote code execution.
In Bridge, Adobe’s asset management app, three vulnerabilities have been patched, two of which (CVE-2020-9674, CVE-2020-9676) could lead to remote code execution. Adobe Bridge versions 10.0.3 and earlier are affected. Users are advised to update to version 10.1.1 for a fix.
Adobe Prelude has been found to contain out-of-bounds read (CVE-2020-9677, CVE-2020-9679) and out-of-bounds write (CVE-2020-9678, CVE-2020-9680) vulnerabilities that can allow code execution. The bugs affect Adobe Prelude versions 9.0 and earlier for Windows. Users can update to version 9.0.1 to resolve the flaws.
Cisco has also issued 33 security bug fixes to patch flaws across numerous products, including multiple RV-series routers, the RV110W series VPN Firewall, and Cisco SD-WAN Solution Software.
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers contain a couple of bugs deemed to be high security risks (CVE-2020-3357 and CVE-2020-3358). CVE-2020-3357 is a remote code execution bug, while CVE-2020-3358 is a denial of service flaw.
Cisco SD-WAN Solution Software is affected by two vulnerabilities (CVE-2020-3351, CVE-2020-3379). The former allows a remote attacker to perform a denial of service attack, whereas the latter can be exploited by a local user to escalate privileges on the system.
QEMU, an open source machine emulator and virtualizer, contains multiple vulnerabilities, most of which could be exploited to launch denial of service attacks or gain access to sensitive information. However, two bugs (CVE-2020-13754 and CVE-2020-13361) allow a remote attacker to compromise a vulnerable system by sending a malicious request.
The vulnerabilities impact QEMU v4.1.0, 4.1.1, 4.2.0, 4.2.1, and 5.0.0.
Foxit has fixed several bugs in its Studio Photo software. The most dangerous is CVE-2020-15629, an out-of-bounds write vulnerability that allows a remote attacker to execute arbitrary code using a specially crafted file. To achieve this, an attacker needs to convince the victim to open the malicious file. The flaw affects Foxit Studio Photo v3.6.6.918, 3.6.6.922, and 3.6.6.924.