CVE-2020-8875

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-129
View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10028.

Related Vulnerabilities

CVE-2017-16391

HIGH
CVSS:8.8(High)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th...

CWE-1292017

CVE-2017-16410

HIGH
CVSS:8.8(High)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. Th...

CWE-1292017

CVE-2018-11263

HIGH
CVSS:8.8(High)

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats re...

CWE-1292018

CVE-2018-11489

HIGH
CVSS:8.8(High)

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is...

CWE-1292018

CVE-2018-11490

HIGH
CVSS:8.8(High)

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode -...

CWE-1292018

CVE-2018-11891

HIGH
CVSS:8.8(High)

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLA...

CWE-1292018