Published Advisories

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-23-106 ZDI-CAN-19569 Autodesk CVE-2022-42947 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-105 ZDI-CAN-19568 Autodesk CVE-2022-42947 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-104 ZDI-CAN-19567 Autodesk CVE-2022-42946 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-103 ZDI-CAN-19566 Autodesk CVE-2022-42946 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-102 ZDI-CAN-19565 Autodesk CVE-2022-42946 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-101 ZDI-CAN-19564 Autodesk CVE-2022-42946 7.8 2023-02-08 Autodesk Maya PRT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-100 ZDI-CAN-19563 Autodesk CVE-2022-33886 7.8 2023-02-08 Autodesk Maya MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-099 ZDI-CAN-19570 Autodesk CVE-2022-42946 7.8 2023-02-08 Autodesk Maya X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-098 ZDI-CAN-19596 X.Org CVE-2023-0494 7.8 2023-02-08 X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
ZDI-23-097 ZDI-CAN-18565 Microsoft 6.8 2023-02-07 Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-096 ZDI-CAN-19057 Microsoft 6.5 2023-02-07 Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-095 ZDI-CAN-19307 Microsoft 6.5 2023-02-07 Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
ZDI-23-094 ZDI-CAN-17646 Netatalk CVE-2022-43634 9.8 2023-02-06 Netatalk dsi_writeinit Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-093 ZDI-CAN-19046 Cacti CVE-2022-46169 9.8 2023-01-31 2023-01-31 Cacti poll_for_data Command Injection Remote Code Execution Vulnerability
ZDI-23-092 ZDI-CAN-19232 RARLAB CVE-2022-43650 2.5 2023-01-20 RARLAB WinRAR ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-091 ZDI-CAN-19478 Foxit CVE-2022-43649 7.8 2023-01-20 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
ZDI-23-090 ZDI-CAN-19081 Siemens CVE-2021-44014 7.8 2023-01-18 Siemens Solid Edge Viewer JT File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-089 ZDI-CAN-19078 Siemens CVE-2022-47935 7.8 2023-01-18 Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-088 ZDI-CAN-19077 Siemens CVE-2021-44002 7.8 2023-01-18 Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-087 ZDI-CAN-19076 Siemens CVE-2021-44002 7.8 2023-01-18 Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-086 ZDI-CAN-19418 Delta Electronics CVE-2022-41657 8.8 2023-01-18 Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Opcode 512 Directory Traversal Remote Code Execution Vulnerability
ZDI-23-085 ZDI-CAN-19417 Delta Electronics CVE-2022-41657 7.1 2023-01-18 Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-23-084 ZDI-CAN-19416 Delta Electronics CVE-2022-41657 8.8 2023-01-18 Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Remote Code Execution Vulnerability
ZDI-23-083 ZDI-CAN-19415 Delta Electronics CVE-2022-40202 8.8 2023-01-18 Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Exposed Dangerous Function Remote Code Execution Vulnerability
ZDI-23-082 ZDI-CAN-19414 Delta Electronics CVE-2022-41657 6.5 2023-01-18 Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Information Disclosure Vulnerability
ZDI-23-081 ZDI-CAN-18294 Adobe CVE-2023-21581 3.3 2023-01-18 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-080 ZDI-CAN-19431 Adobe CVE-2023-21603 3.3 2023-01-18 Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-079 ZDI-CAN-19392 Adobe CVE-2023-21601 3.3 2023-01-18 Adobe Dimension OBJ File Parsing Use-After-Free Information Disclosure Vulnerability
ZDI-23-078 ZDI-CAN-19294 Adobe CVE-2023-21597 7.8 2023-01-18 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-077 ZDI-CAN-19323 Adobe CVE-2023-21595 7.8 2023-01-18 Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-076 ZDI-CAN-19324 Adobe CVE-2023-21599 3.3 2023-01-18 Adobe InCopy Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-075 ZDI-CAN-19347 Adobe CVE-2023-21596 7.8 2023-01-18 Adobe InCopy Font Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-074 ZDI-CAN-18889 Adobe CVE-2023-21598 3.3 2023-01-18 Adobe InCopy Font Parsing Use-After-Free Information Disclosure Vulnerability
ZDI-23-073 ZDI-CAN-18883 Adobe CVE-2023-21594 7.8 2023-01-18 Adobe InCopy Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-072 ZDI-CAN-19295 Adobe CVE-2023-21590 7.8 2023-01-18 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-071 ZDI-CAN-19352 Adobe CVE-2023-21589 7.8 2023-01-18 Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-070 ZDI-CAN-19353 Adobe CVE-2023-21592 3.3 2023-01-18 Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-069 ZDI-CAN-19354 Adobe CVE-2023-21588 7.8 2023-01-18 Adobe InDesign Font Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-068 ZDI-CAN-18884 Adobe CVE-2023-21587 7.8 2023-01-18 Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-067 ZDI-CAN-18890 Adobe CVE-2023-21591 3.3 2023-01-18 Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-066 ZDI-CAN-19301 Adobe CVE-2023-21607 7.8 2023-01-18 Adobe Acrobat Reader DC Font Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-065 ZDI-CAN-19300 Adobe CVE-2023-21613 3.3 2023-01-18 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-064 ZDI-CAN-19299 Adobe CVE-2023-21614 3.3 2023-01-18 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-063 ZDI-CAN-19297 Adobe CVE-2023-21606 7.8 2023-01-18 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-062 ZDI-CAN-19469 Adobe CVE-2023-21609 7.8 2023-01-18 Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-061 ZDI-CAN-19240 Adobe CVE-2023-21608 7.8 2023-01-18 Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability
ZDI-23-060 ZDI-CAN-19036 Adobe CVE-2023-21605 7.8 2023-01-18 Adobe Acrobat Reader DC Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-059 ZDI-CAN-18897 Adobe CVE-2023-21585 3.3 2023-01-18 Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-058 ZDI-CAN-18293 Adobe CVE-2023-21579 7.8 2023-01-18 Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability
ZDI-23-057 ZDI-CAN-18336 VMware CVE-2022-31708 4.9 2023-01-18 VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability
ZDI-23-056 ZDI-CAN-17960 VMware CVE-2022-31703 7.5 2023-01-18 VMware vRealize Network Insight downloadFile Directory Traversal Information Disclosure Vulnerability
ZDI-23-055 ZDI-CAN-17959 VMware CVE-2022-31702 9.8 2023-01-18 VMware vRealize Network Insight createSupportBundle Command Injection Remote Code Execution Vulnerability
ZDI-23-054 ZDI-CAN-17957 VMware CVE-2022-31707 7.2 2023-01-18 VMware vRealize Operations CaSA Improper Privilege Management Privilege Escalation Vulnerability
ZDI-23-053 ZDI-CAN-18291 Trend Micro CVE-2022-48191 7.8 2023-01-18 Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
ZDI-23-052 ZDI-CAN-19910 D-Link CVE-2022-43648 8.8 2023-01-18 D-Link DIR-3040 MiniDLNA Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-051 ZDI-CAN-19622 Microsoft CVE-2022-47211 7.8 2023-01-18 Microsoft Word SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-050 ZDI-CAN-19181 Microsoft CVE-2022-47213 7.8 2023-01-18 Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-049 ZDI-CAN-19016 Microsoft CVE-2023-21793 6.6 2023-01-18 Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-048 ZDI-CAN-19126 Microsoft CVE-2023-21792 5.3 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-047 ZDI-CAN-19125 Microsoft CVE-2023-21792 5.3 2023-01-18 Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-046 ZDI-CAN-19004 Microsoft CVE-2023-21792 6.6 2023-01-18 Microsoft 3D Builder WRL File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-045 ZDI-CAN-18990 Microsoft CVE-2023-21792 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-044 ZDI-CAN-19027 Microsoft CVE-2023-21792 6.6 2023-01-18 Microsoft Print 3D WRL File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-043 ZDI-CAN-19035 Microsoft CVE-2023-21792 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-042 ZDI-CAN-19007 Microsoft CVE-2023-21791 6.6 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-041 ZDI-CAN-19009 Microsoft CVE-2023-21790 6.6 2023-01-18 Microsoft 3D Builder WRL File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-040 ZDI-CAN-19129 Microsoft CVE-2023-21789 5.3 2023-01-18 Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-039 ZDI-CAN-19130 Microsoft CVE-2023-21788 5.3 2023-01-18 Microsoft 3D Builder OBJ File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-038 ZDI-CAN-19128 Microsoft CVE-2023-21787 5.3 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-037 ZDI-CAN-19018 Microsoft CVE-2023-21786 6.6 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-036 ZDI-CAN-19127 Microsoft CVE-2023-21785 5.3 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-035 ZDI-CAN-19101 Microsoft CVE-2023-21784 5.3 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-034 ZDI-CAN-19003 Microsoft CVE-2023-21784 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-033 ZDI-CAN-19026 Microsoft CVE-2023-21784 6.6 2023-01-18 Microsoft Print 3D PLY File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-032 ZDI-CAN-18998 Microsoft   6.6 2023-01-18 Microsoft 3D Builder GLTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-031 ZDI-CAN-19124 Microsoft CVE-2023-21782 5.3 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-030 ZDI-CAN-19023 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-029 ZDI-CAN-19022 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft Print 3D PLY File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-028 ZDI-CAN-19015 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-027 ZDI-CAN-19008 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-026 ZDI-CAN-19001 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-025 ZDI-CAN-19000 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-024 ZDI-CAN-18999 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-23-023 ZDI-CAN-18996 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-022 ZDI-CAN-18995 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-021 ZDI-CAN-18994 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-020 ZDI-CAN-18993 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-019 ZDI-CAN-18992 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-018 ZDI-CAN-18991 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-017 ZDI-CAN-18989 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-016 ZDI-CAN-19033 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-23-015 ZDI-CAN-19024 Microsoft CVE-2023-21782 6.6 2023-01-18 Microsoft Print 3D PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-014 ZDI-CAN-19017 Microsoft CVE-2023-21781 6.6 2023-01-18 Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-013 ZDI-CAN-19032 Microsoft CVE-2023-21780 6.6 2023-01-18 Microsoft 3D Builder OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-012 ZDI-CAN-19491 Microsoft CVE-2023-21764 7.0 2023-01-18 Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-23-011 ZDI-CAN-19492 Microsoft CVE-2023-21763 7.8 2023-01-18 Microsoft Exchange TorusUpdateInitialSessionState Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-23-010 ZDI-CAN-19183 Microsoft CVE-2023-21737 7.8 2023-01-18 Microsoft Office Visio DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-009 ZDI-CAN-18647 Microsoft CVE-2023-21547 3.7 2023-01-18 Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
ZDI-23-008 ZDI-CAN-18601 Microsoft CVE-2023-21735 7.8 2023-01-18 Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-007 ZDI-CAN-18598 Microsoft CVE-2023-21734 7.8 2023-01-18 Microsoft Office SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
ZDI-23-006 ZDI-CAN-19041 Microsoft CVE-2023-21745 4.3 2023-01-18 Microsoft Exchange PowerShell Unsafe Reflection Information Disclosure Vulnerability
ZDI-23-005 ZDI-CAN-19092 Microsoft CVE-2023-21736 7.8 2023-01-18 Microsoft Office Visio DXF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-004 ZDI-CAN-18614 Microsoft CVE-2023-21680 7.8 2023-01-18 Microsoft Windows GreStartDocInternal Use-After-Free Local Privilege Escalation Vulnerability
ZDI-23-003 ZDI-CAN-19042 Microsoft CVE-2023-21745 4.3 2023-01-18 Microsoft Exchange PowerShell Unsafe Reflection Information Disclosure Vulnerability
ZDI-23-002 ZDI-CAN-18519 Microsoft CVE-2023-21531 5.3 2023-01-18 Microsoft Azure Service Fabric WAagent Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability
ZDI-23-001 ZDI-CAN-18151 Microsoft CVE-2023-21542 7.8 2023-01-18 Microsoft Windows Installer Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability