CVE-2024-6153 – Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
https://notcve.org/view.php?id=CVE-2024-6153
Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-803 • CWE-693: Protection Mechanism Failure •
CVE-2021-24038
https://notcve.org/view.php?id=CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. Debido a un bug en la administración de los manejadores en el archivo OVRServiceLauncher.exe, un atacante podría exponer un manejador de proceso privilegiado a un proceso no privilegiado, conllevando a una escalada de privilegios local. Este problema afecta a Oculus Desktop versiones posteriores a 1.39 y anteriores a 31.1.0.67.507. • https://www.facebook.com/security/advisories/cve-2021-24038 • CWE-269: Improper Privilege Management •