macOS Autodesk Fusion 360 <= 2606.0 Multiple Vulnerabilities (adsk-sa-2026-0005)

The version of Autodesk Fusion 360 installed on the remote macOS or Mac OS X host is less than or equal to 2606.0. It is, therefore, affected by multiple vulnerabilities: - A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by ...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

EUVD-2022-32361

Malicious code in bioql PyPI...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

Information disclosure

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

CVE-2022-27873

CVE-2022-27873 affects Autodesk Fusion 360 through the document parser’s Insert SVG pathway. The affected component is the SVG insertion logic in Fusion 360, which can cause the application to initiate arbitrary HTTP requests and potentially disclose the victim’s public IP (and possibly other inf...

CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain...

PT-2022-18658 · Autodesk · Autodesk Fusion 360

Name of the Vulnerable Software and Affected Versions: Autodesk Fusion 360 affected versions not specified Description: The issue allows an attacker to force a victim's device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360's document...

Autodesk Fusion 360 Installed (macOS)

Binary data macosautodeskfusion360installed.nbin...

macOS Autodesk Fusion 360 < 2.0.12888 XXE (adsk-sa-2022-0013)

The version of Autodesk Fusion 360 installed on the remote macOS or Mac OS X host is prior to 2.0.12888. It is, therefore, affected by an XML external entity XXE vulnerability that can cause a victim to perform arbitrary HTTP requests when parsing a malicious SVG file. An unauthenticated, remote...