Published Advisories

PUBLISHED ADVISORIES

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

Available in RSS Format
ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-25-059 ZDI-CAN-25000 Siemens CVE-2024-53041 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-25-058 ZDI-CAN-25206 Siemens CVE-2024-53242 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
ZDI-25-057 ZDI-CAN-25205 Siemens CVE-2024-45471 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-056 ZDI-CAN-25202 Siemens CVE-2024-45469 7.8 2025-01-22 2025-01-22 Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-055 ZDI-CAN-25318 Sante CVE-2025-0574 8.2 2025-01-20 2025-01-20 Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability
ZDI-25-054 ZDI-CAN-25308 Sante CVE-2025-0572 4.3 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
ZDI-25-053 ZDI-CAN-25309 Sante CVE-2025-0573 5.3 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
ZDI-25-052 ZDI-CAN-25303 Sante CVE-2025-0569 7.5 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-051 ZDI-CAN-25305 Sante CVE-2025-0571 6.5 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-050 ZDI-CAN-25304 Sante CVE-2025-0570 6.5 2025-01-20 2025-01-20 Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-049 ZDI-CAN-25302 Sante CVE-2025-0568 7.5 2025-01-20 2025-01-20 Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
ZDI-25-048 ZDI-CAN-24012 Apple CVE-2024-27856 8.8 2025-01-20 2025-01-20 Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
ZDI-25-047 ZDI-CAN-24986 WinZip Computing CVE-2024-8811 7.8 2025-01-20 2025-01-20 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-25-046 ZDI-CAN-25333 Adobe CVE-2025-21127 7.3 2025-01-20 2025-01-20 Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ZDI-25-045 ZDI-CAN-25456 7-Zip CVE-2025-0411 7.0 2025-01-19 2025-01-19 7-Zip Mark-of-the-Web Bypass Vulnerability
ZDI-25-044 ZDI-CAN-25713 Ivanti CVE-2024-13179 7.3 2025-01-19 2025-01-19 Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability
ZDI-25-043 ZDI-CAN-25712 Ivanti CVE-2024-13180 7.5 2025-01-19 2025-01-19 Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
ZDI-25-042 ZDI-CAN-25711 Ivanti CVE-2024-13181 7.3 2025-01-19 2025-01-19 Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
ZDI-25-041 ZDI-CAN-25929 Ivanti CVE-2024-13162 7.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
ZDI-25-040 ZDI-CAN-25432 Ivanti CVE-2024-13163 7.8 2025-01-19 2025-01-19 Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI-25-039 ZDI-CAN-25431 Ivanti CVE-2024-13164 6.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability
ZDI-25-038 ZDI-CAN-25420 Ivanti CVE-2024-13165 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability
ZDI-25-037 ZDI-CAN-25419 Ivanti CVE-2024-13166 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-036 ZDI-CAN-25418 Ivanti CVE-2024-13167 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-035 ZDI-CAN-25417 Ivanti CVE-2024-13168 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-034 ZDI-CAN-25416 Ivanti CVE-2024-13169 5.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability
ZDI-25-033 ZDI-CAN-25415 Ivanti CVE-2024-13170 7.5 2025-01-19 2025-01-19 Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
ZDI-25-032 ZDI-CAN-25249 Ivanti CVE-2024-13172 7.8 2025-01-19 2025-01-19 Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
ZDI-25-031 ZDI-CAN-25209 Ivanti CVE-2024-13158 7.2 2025-01-19 2025-01-19 Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability
ZDI-25-030 ZDI-CAN-25187 Microsoft CVE-2025-21363 7.8 2025-01-15 2025-01-15 Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
ZDI-25-029 ZDI-CAN-25332 Microsoft CVE-2025-21331 7.8 2025-01-15 2025-01-15 Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-028 ZDI-CAN-25188 Microsoft CVE-2025-21298 7.8 2025-01-15 2025-01-15 Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-25-027 ZDI-CAN-23793 Google CVE-2024-2886 5.4 2025-01-12 2025-01-12 (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
ZDI-25-026 ZDI-CAN-24744 Mintty CVE-2024-45301 5.3 2025-01-10 2025-01-10 Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
ZDI-25-025 ZDI-CAN-22247 Avira CVE-2024-9525 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-024 ZDI-CAN-22246 Avira CVE-2024-9524 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-023 ZDI-CAN-22245 Avira CVE-2024-9523 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-022 ZDI-CAN-25404 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-021 ZDI-CAN-25364 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-020 ZDI-CAN-25366 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-019 ZDI-CAN-25339 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-018 ZDI-CAN-25341 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-017 ZDI-CAN-25340 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-016 ZDI-CAN-25263 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-015 ZDI-CAN-25213 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-014 ZDI-CAN-24821 SonicWALL CVE-2024-53706 7.8 2025-01-09 2025-01-09 SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-25-013 ZDI-CAN-24820 SonicWALL CVE-2024-53705 8.1 2025-01-09 2025-01-09 SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
ZDI-25-012 ZDI-CAN-24819 SonicWALL CVE-2024-53704 9.8 2025-01-09 2025-01-09 SonicWALL NSv Authentication Bypass Vulnerability
ZDI-25-011 ZDI-CAN-24818 SonicWALL CVE-2024-40762 8.8 2025-01-09 2025-01-09 SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
ZDI-25-010 ZDI-CAN-24487 Redis CVE-2024-46981 7.2 2025-01-09 2025-01-09 Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
ZDI-25-009 ZDI-CAN-24143 Redis CVE-2024-55656 8.8 2025-01-09 2025-01-09 Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability
ZDI-25-008 ZDI-CAN-24932 Trend Micro CVE-2024-55955 6.7 2025-01-08 2025-01-08 Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
ZDI-25-007 ZDI-CAN-23401 Trend Micro CVE-2024-52047 7.5 2025-01-08 2025-01-08 Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
ZDI-25-006 ZDI-CAN-24674 Trend Micro CVE-2024-52049 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-005 ZDI-CAN-24675 Trend Micro CVE-2024-52048 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-004 ZDI-CAN-24566 Trend Micro CVE-2024-55917 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-25-003 ZDI-CAN-24557 Trend Micro CVE-2024-55632 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
ZDI-25-002 ZDI-CAN-24609 Trend Micro CVE-2024-52050 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-001 ZDI-CAN-23995 Trend Micro CVE-2024-55631 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability