59 matches found
[SECURITY] Fedora 38 Update: netconsd-0.4-1.fc38
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
[SECURITY] Fedora 37 Update: netconsd-0.4-1.fc37
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
The vulnerability of Adobe Dimension’s 3D design software lies in the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.
The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory when processing OBJ files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malware file or a specially creat...
SUSE CVE-2016-5028
The printframeinstbytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via an object file with empty bss-like sections...
SUSE CVE-2019-20053
An invalid memory address dereference was discovered in the canUnpack function in pmach.cpp in UPX 3.95 via a crafted Mach-O file...
SUSE CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
CVE-2022-41188
Due to lack of proper memory management, when a victim opens manipulated Wavefront Object .obj, ObjTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...
CVE-2022-41166
Due to lack of proper memory management, when a victim opens manipulated Wavefront Object .obj, ObjTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...
PT-2022-25711 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9 Description: The issue arises due to improper memory management. When a user opens a manipulated Wavefront Object .obj file in SAP 3D Visual Enterprise Viewer, the application can crash and become...
Bentley Systems MicroStation和Bentley View 缓冲区错误漏洞
Bentley Systems MicroStation and Bentley View are both products of Bentley Systems, Inc. of the U.S.A. MicroStation is a Cad software platform for 2D and 3D design and drafting.Bentley View is a freeware viewer. A security vulnerability exists in Bentley Systems MicroStation version 10.16. and...
PT-2022-18942 · Bentley · Bentley Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.034 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
IDA2Obj - Static Binary Instrumentation
IDA2Obj is a tool to implement SBI StaticBinary Instrumentation. The working flow is simple: Dump object files COFF directly from one executable binary. Link the object files into a new binary, almost the same as the old one. During the dumping process, you can insert any data/code at any locatio...
Bentley ContextCapture 缓冲区错误漏洞
Bentley ContextCapture is a 3D reality modeling software. A buffer error vulnerability exists in Bentley ContextCapture that stems from a boundary condition when parsing an OBJ file. A remote attacker could create a specially crafted file, trick the victim into opening it, trigger an out-of-bound...
The vulnerability of the Siemens Solid Edge Viewer application, a tool set for design and simulation with Siemens Solid Edge, allows a malicious actor to execute arbitrary code.
The vulnerability of the Siemens Solid Edge Viewer application, a tool for design and simulation, is related to the use of memory after it is freed during OBJ file syntax analysis. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created malicio...
Siemens Solid Edge 缓冲区错误漏洞
Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. information disclosure vulnerability exists in previous versions of Siemens Solid Edge SE2021MP8. An attacker could exploit the vulnerability to obtain information via specially crafted OBJ files...
CVE-2021-32238
Epic Games / Psyonix Rocket League =1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario...
PT-2021-11560 · Libslic3R +2 · Libslic3R +2
Name of the Vulnerable Software and Affected Versions: Slic3r libslic3r version 1.3.0 Slic3r libslic3r Master Commit 92abbc42 Description: An out-of-bounds read issue exists in the TriangleMesh::TriangleMesh functionality when handling obj files. This could lead to information disclosure if a...
golang: malicious symbol names can lead to code execution at build time
An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...
golang: malicious symbol names can lead to code execution at build time
An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...
golang: malicious symbol names can lead to code execution at build time
An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...