37 matches found
EUVD-2020-12711
Malware in sbrugna...
EUVD-2019-13199
Malware in sbrugna...
EUVD-2021-10956
Malware in sbrugna...
CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
CVE-2020-1885
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file...
CVE-2019-3562
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11...
AdsExhaust Adware Distributed in Fake Oculus Installer via Google Search
New adware "AdsExhaust" disguises itself as an Oculus installer to steal screenshots, generate fake clicks, and drain resources. Learn how to protect yourself from AdsExhaust and similar threats...
CVE-2024-21625
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
Remote code execution
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
CVE-2024-21625
CVE-2024-21625 affects SideQuest desktop (pre-0.10.35). The vulnerability stems from improper sanitization of deep link URLs (sidequest://) in the Electron app, allowing a one-click remote code execution when a device is connected and a user clicks a malicious link from within the app. As of vers...
CVE-2024-21625 One-click remote code execution via malicious deep link
SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol sidequest:// to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized...
oculus-illustration.ch Cross Site Scripting vulnerability OBB-3485803
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview com.unity.xr.oculus is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
Malicious code in com.unity.xr.oculus (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e99a11c7a854e56a08e3f6559004b7d3b862c6c2e7c99bfcb6576c921cd9cde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
Privilege escalation
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
Facebook Oculus Desktop 安全漏洞
Facebook Oculus Desktop is a virtual desktop application from Facebook Inc. that supports the operation of computers in VR. Facebook Oculus Desktop suffers from a security vulnerability that stems from a handle management error in OVRServiceLauncher.exe, which can be exploited by an attacker to...
CVE-2021-24038
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507...
CVE-2021-24038
CVE-2021-24038 affects Oculus Desktop where a bug in the management of handles in OVRServiceLauncher.exe can expose a privileged process handle to an unprivileged process, enabling local privilege escalation . Impact is described for Oculus Desktop versions after 1.39 and before 31.1.0.67.507. Th...