26 matches found
EUVD-2024-49132
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-8374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerabilit...
CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication IPC mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components,...
CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication IPC mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components,...
UltiMaker Cura 安全漏洞
UltiMaker Cura is a free, easy-to-use 3D printing software from UltiMaker, Inc. A security vulnerability exists in UltiMaker Cura v5.8.1 and earlier versions, which originates from a local attacker who can execute arbitrary code via the inter-process communication IPC mechanism...
CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication IPC mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components,...
PT-2024-34600 · Ultimaker · Ultimaker Cura
Name of the Vulnerable Software and Affected Versions: UltiMaker Cura versions 4.41 and 5.8.1 and earlier Description: The issue allows a local attacker to execute arbitrary code via the Inter-process communication IPC mechanism between the Cura application and CuraEngine processes, localhost...
CVE-2024-51330
CVE-2024-51330 affects UltiMaker Cura up to v4.41 and v5.8.1 and earlier, enabling a local attacker to execute arbitrary code via the Inter-process communication (IPC) between the Cura GUI and CuraEngine, the localhost network stack, and related printing/G-code components on Ultimaker 3D printers...
CVE-2024-51330
An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication IPC mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components,...
CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
UBUNTU-CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
CVE-2024-8374
The CVE-2024-8374 issue affects UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2. It stems from improper handling of the drop_to_buildplate property in 3MF files parsed by the 3MFReader, where the property value is passed to Python eval() without sanitization. This allows an attacker to ...
CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
CVE-2024-8374 Arbitrary Code Injection in Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
CVE-2024-8374 Arbitrary Code Injection in Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
PT-2024-38979 · Ultimaker · Ultimaker Cura
Name of the Vulnerable Software and Affected Versions: UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 Description: The issue arises from improper handling of the drop to buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in...
Ultimaker Cura 安全漏洞
Ultimaker Cura is a state-of-the-art slicer application open-sourced by Ultimaker. It is used to prepare 3D models for 3D printers. A security vulnerability exists in Ultimaker Cura versions 5.7.0-beta.1 through 5.7.2 that stems from improper handling of the droptobuildplate attribute in 3MF file...
cura-glass.nl Cross Site Scripting vulnerability OBB-2784526
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...