Published Advisories

PUBLISHED ADVISORIES

The following is a list of all publicly disclosed vulnerabilities discovered by Zero Day Initiative researchers. While the affected vendor is working on a patch for these vulnerabilities, Trend Micro customers are protected from exploitation by security filters delivered ahead of public disclosure.

All security vulnerabilities that are acquired by the Zero Day Initiative are handled according to the ZDI Disclosure Policy. Once the affected vendor patches the vulnerability, we publish an accompanying security advisory which describes the issue, including links to the vendor's fixes.

Available in RSS Format
ZDI ID ZDI CAN AFFECTED VENDOR(S) CVE CVSS v3.0 PUBLISHED UPDATED TITLE
ZDI-25-030 ZDI-CAN-25187 Microsoft CVE-2025-21363 7.8 2025-01-15 2025-01-15 Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
ZDI-25-029 ZDI-CAN-25332 Microsoft CVE-2025-21331 7.8 2025-01-15 2025-01-15 Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-028 ZDI-CAN-25188 Microsoft CVE-2025-21298 7.8 2025-01-15 2025-01-15 Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability
ZDI-25-027 ZDI-CAN-23793 Google CVE-2024-2886 5.4 2025-01-12 2025-01-12 (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
ZDI-25-026 ZDI-CAN-24744 Mintty CVE-2024-45301 5.3 2025-01-10 2025-01-10 Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
ZDI-25-025 ZDI-CAN-22247 Avira CVE-2024-9525 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-024 ZDI-CAN-22246 Avira CVE-2024-9524 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-023 ZDI-CAN-22245 Avira CVE-2024-9523 7.8 2025-01-09 2025-01-09 Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
ZDI-25-022 ZDI-CAN-25404 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-021 ZDI-CAN-25364 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-020 ZDI-CAN-25366 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-019 ZDI-CAN-25339 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-018 ZDI-CAN-25341 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-017 ZDI-CAN-25340 Apple   3.3 2025-01-09 2025-01-09 Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-016 ZDI-CAN-25263 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-015 ZDI-CAN-25213 Apple CVE-2024-44240, CVE-2024-44302 3.3 2025-01-09 2025-01-09 Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-25-014 ZDI-CAN-24821 SonicWALL CVE-2024-53706 7.8 2025-01-09 2025-01-09 SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
ZDI-25-013 ZDI-CAN-24820 SonicWALL CVE-2024-53705 8.1 2025-01-09 2025-01-09 SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
ZDI-25-012 ZDI-CAN-24819 SonicWALL CVE-2024-53704 9.8 2025-01-09 2025-01-09 SonicWALL NSv Authentication Bypass Vulnerability
ZDI-25-011 ZDI-CAN-24818 SonicWALL CVE-2024-40762 8.8 2025-01-09 2025-01-09 SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
ZDI-25-010 ZDI-CAN-24487 Redis CVE-2024-46981 7.2 2025-01-09 2025-01-09 Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
ZDI-25-009 ZDI-CAN-24143 Redis CVE-2024-55656 8.8 2025-01-09 2025-01-09 Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability
ZDI-25-008 ZDI-CAN-24932 Trend Micro CVE-2024-55955 6.7 2025-01-08 2025-01-08 Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
ZDI-25-007 ZDI-CAN-23401 Trend Micro CVE-2024-52047 7.5 2025-01-08 2025-01-08 Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
ZDI-25-006 ZDI-CAN-24674 Trend Micro CVE-2024-52049 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-005 ZDI-CAN-24675 Trend Micro CVE-2024-52048 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-004 ZDI-CAN-24566 Trend Micro CVE-2024-55917 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
ZDI-25-003 ZDI-CAN-24557 Trend Micro CVE-2024-55632 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
ZDI-25-002 ZDI-CAN-24609 Trend Micro CVE-2024-52050 7.8 2025-01-08 2025-01-08 Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
ZDI-25-001 ZDI-CAN-23995 Trend Micro CVE-2024-55631 7.8 2025-01-08 2025-01-08 Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability