Alexandre Adamski

**Nome do software vulnerável e versões afetadas** Versões do Parallels Desktop anteriores à 18.1.1 **Descrição** Esta vulnerabilidade permite que invasores locais obtenham privilégios elevados em instalações afetadas do Parallels Desktop. Para explorar essa vulnerabilidade, o invasor deve primeiro obter a capacidade de executar código com privilégios elevados no sistema convidado alvo. A falha específica existe no componente Toolgate, resultante da falta de validação adequada de um caminho fornecido pelo usuário antes de usá-lo em operações de arquivo. Um invasor pode aproveitar essa vulnerabilidade para escalar privilégios e executar código arbitrário no contexto do usuário atual no sistema host. A vulnerabilidade decorre de um traversal de diretório e do uso incorreto de strings do Qt, resultando em comportamento inesperado. **Recomendações** Para versões do Parallels Desktop anteriores à 18.1.1, atualize para a versão 18.1.1 ou posterior para resolver a vulnerabilidade. Como solução temporária, considere restringir o acesso ao componente Toolgate até que um patch esteja disponível. Evite usar o componente vulnerável nas versões afetadas do Parallels Desktop até que a vulnerabilidade seja resolvida.

**Nome do software vulnerável e versões afetadas: Versões do RKP anteriores à SMR JUN-2021 Release 1 Descrição: Uma validação de endereço inadequada no RKP permite que invasores locais criem páginas executáveis do kernel fora da área de código, caso o EL1 esteja comprometido. Recomendações: Para versões anteriores ao SMR JUN-2021 Release 1, atualize para o SMR JUN-2021 Release 1 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to the `sh elf set mach from flags` function in the BFD library, which can be exploited by remote attackers using a crafted binary file. This can lead to a denial of service, causing a buffer overflow and application crash, and potentially have other unspecified impacts. The vulnerability can be triggered during the execution of "objdump -D" with a malicious binary file. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the `sh elf set mach from flags` function in the BFD library to minimize the risk of exploitation. Avoid processing untrusted binary files with "objdump -D" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This occurs via a crafted binary file, which is mishandled during execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, consider avoiding the use of the `objdump -D` command with untrusted binary files until a fix is available. As a temporary workaround, restrict access to the `bfd/vms-alpha.c` library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a buffer overflow and application crash, or possibly having other unspecified impacts. This occurs through the mishandling of rae insns printing for a crafted binary file during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that contains a fix for this issue to prevent potential denial of service or other impacts.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to the ieee archive p function in the BFD library, which may allow remote attackers to cause a denial of service, such as a buffer overflow and application crash, or possibly have other unspecified impacts. This can occur via a crafted binary file, as demonstrated by mishandling of the file during "objdump -D" execution. **Recommendations** For GNU Binutils version 2.28, consider avoiding the use of the ieee archive p function until a patch is available, or refrain from processing crafted binary files with "objdump -D" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to the ieee object p function in the BFD library, which may allow remote attackers to cause a denial of service, such as a buffer overflow and application crash, or possibly have other unspecified impacts via a crafted binary file. This can occur during the execution of "objdump -D" with a mishandled file. **Recommendations** For GNU Binutils version 2.28, consider avoiding the use of the ieee object p function until a patch is available, or refrain from processing crafted binary files with "objdump -D" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a buffer overflow and application crash, or possibly having other unspecified impacts. This can be achieved through a crafted binary file, which is mishandled during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that contains a fix for this issue, as using a crafted binary file can lead to a denial of service or other unspecified impacts.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved by using a crafted binary file, which is mishandled during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, update to a version that fixes the score opcodes function issue in opcodes/score7-dis.c to prevent a denial of service or other potential impacts.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to an unbounded GETBYTE macro in the opcodes/rl78-decode.opc file of GNU Binutils. This allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. The issue can be triggered by a crafted binary file, for example, when executing "objdump -D" on such a file. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue. As a temporary workaround, avoid using the "objdump -D" command on untrusted binary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This occurs via a crafted binary file, which is mishandled by the ` bfd vms get value` and ` bfd vms slurp etir` functions during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the `objdump -D` command with untrusted binary files until a patch is available. Avoid using the ` bfd vms get value` and ` bfd vms slurp etir` functions with crafted binary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to the `versados mkobject` function in the Binary File Descriptor (BFD) library, which does not initialize a certain data structure. This allows remote attackers to cause a denial of service, such as a buffer overflow and application crash, or possibly have other unspecified impacts via a crafted binary file. For example, this can occur during the execution of "objdump -D" with a mishandled file. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version does not properly initialize a certain data structure, leading to potential security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to the `process otr` function in the BFD library, which fails to validate a certain offset. This can be exploited by remote attackers using a crafted binary file, potentially leading to a denial of service through a buffer overflow and application crash, or possibly other unspecified impacts. An example of how this issue can be triggered is through the execution of "objdump -D" on a maliciously crafted binary file. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version does not validate certain offsets, leading to potential security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved by using a crafted binary file, which is mishandled during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, update to a version that fixes the issue in opcodes/i386-dis.c to prevent a denial of service or other potential impacts.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved through a crafted binary file, which is mishandled during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as using a crafted binary file with "objdump -D" can lead to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue is related to a lack of bounds checks for certain scale arrays in the opcodes/rx-decode.opc file. This can be exploited by remote attackers using a crafted binary file, potentially leading to a denial of service through a buffer overflow and application crash. The issue can be triggered during the execution of "objdump -D" with a maliciously crafted file. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that includes the necessary bounds checks to prevent the buffer overflow. As a temporary workaround, restrict the use of "objdump -D" with untrusted binary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a buffer overflow and application crash, or possibly having other unspecified impacts. This can be achieved through a crafted binary file, which is mishandled during the execution of "objdump -D". **Recommendations** For GNU Binutils version 2.28, update to a version that fixes the issue in the print insn score32 function.