Author: ZDI: Published Advisories
Vulnerabilities
ZDI-22-947: Parallels Access Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
by ZDI: Published Advisories •
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerabil…
ZDI-22-946: Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-945: Parallels Access Agent Uncontrolled Search Path Element Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-940: Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
ZDI-22-943: Parallels Desktop Updater Race Condition Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-941: Parallels Desktop Tools Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vul…
ZDI-22-935: Advantech iView NetworkServlet backupDatabase backup_filename Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
ZDI-22-942: Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-936: Advantech iView runProViewUpgrade fwfilename Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
ZDI-22-939: Tencent WeChat WXAM Decoder Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-944: Autodesk AutoCAD CATPart File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-938: Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-937: Advantech iView set_useraccount UserName SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-874: ABB e-Design Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-876: Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability.
ZDI-22-875: ABB e-Design Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab…
ZDI-22-879: ZyXel AP Configurator Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ZyXel AP Configurator. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-877: Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-878: Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability
This vulnerability allows local attackers to bypass System Integrity Protection on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-873: (Pwn2Own) Prosys OPC UA SDK for Java OPC UA Messages Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA SDK for Java. Authentication is not required to exploit this vulnerability.
ZDI-22-872: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability.
ZDI-22-871: Microsoft SharePoint Chart Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability.
ZDI-22-868: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-867: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-869: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-866: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-870: SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-859: SAP 3D Visual Enterprise Viewer JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-858: SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-863: SAP 3D Visual Enterprise Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-865: SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-853: Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-855: (Pwn2Own) Unified Automation OPC UA C++ Demo Server TranslateBrowsePathsToNodeId Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability.
ZDI-22-862: SAP 3D Visual Enterprise Viewer PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-854: (Pwn2Own) OPC Foundation UA .NET Standard Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
ZDI-22-860: SAP 3D Visual Enterprise Viewer AI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-864: SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
ZDI-22-856: OPC Foundation UA .NET Standard Improper Input Validation Authentication Bypass Vulnerability
ZDI-22-861: SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…