Lucene search
K

482 matches found

OSV
OSV
added 2025/03/18 5:48 a.m.4 views

MAL-2025-2534 Malicious code in threshold-usd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7887627ef1c2e28caf3cf98b2540953646ef0ac35b627e28cb5fb961e072d327 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/18 5:48 a.m.4 views

Malicious code in threshold-usd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7887627ef1c2e28caf3cf98b2540953646ef0ac35b627e28cb5fb961e072d327 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 2:45 p.m.9 views

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

8.8CVSS7AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:41 p.m.9 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

8.8CVSS7AI score0.01433EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:42 p.m.20 views

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

8.8CVSS7AI score0.0133EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/09/17 2:58 p.m.15 views

Contao affected by directory traversal in the file selector widget

Impact Back end users can list files outside their file mounts or the document root in the FileSelector widget. Patches Update to Contao 4.13.49. Workarounds None. References https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget For more information If you have...

4.3CVSS6.8AI score0.00427EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 2:58 p.m.26 views

Contao affected by remote command execution through file upload

Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...

8.8CVSS7.1AI score0.00532EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/09/17 2:58 p.m.7 views

GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload

Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...

8.7CVSS8.8AI score0.00532EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.36 views

Fedora: Security Advisory (FEDORA-2023-58af3a2eca)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01137EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/08/14 2:55 p.m.27 views

CVE-2024-34126 ZDI-CAN-24028: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must...

5.5CVSS6.3AI score0.00317EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/26 2:28 p.m.14 views

Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar

usd-2024-0009 | Reflected XSS in Oveleon Cookiebar Details Advisory ID: usd-2024-0009 Product: Cookiebar Affected Version: 2.X Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Security Risk: HIGH,...

6.1CVSS6.2AI score0.00423EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2024/04/23 12:0 a.m.377 views

Gambio Online Webshop 4.9.2.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gambio onli...

9.8CVSS9.7AI score0.47829EPSS
Exploits4
hivepro
hivepro
added 2023/12/27 6:31 a.m.15 views

MetaStealer a $125 Ticket to Digital Chaos

Summary: MetaStealer, a nefarious information-stealing malware, initially surfaced in discreet online marketplaces with a pricing structure of USD 125 per month or USD 1000 for an unlimited subscription, subsequently becoming entangled in malvertising campaigns. Threat Level - Red | Attack Report...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/12/15 12:0 a.m.9 views

The vulnerability of Adobe Dimension’s 3D design software relates to operations that occur beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory when processing USD format files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by creating a speciall...

5.5CVSS5.9AI score0.00424EPSS
Exploits0References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.17 views

Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/12/14 12:0 a.m.14 views

Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/13 1:10 p.m.24 views

CVE-2023-47078 ZDI-CAN-22249: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...

5.5CVSS5.3AI score0.00424EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.13 views

Upgraded Q -> 3 from #534 [1702060375162]

Judge has assessed an item in Issue 534 as 3 risk. The relevant finding follows: L-03 Consider use stETH/UDS oracle Issue Description: The sponsor has confirmed their choice of Chainlink as an oracle to fetch prices. Since all other LST price feeds are 18 decimal places, they will most likely use...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2023/11/05 12:0 a.m.46 views

Fedora: Security Advisory for usd (FEDORA-2023-d486d13cfd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01137EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/11/05 12:0 a.m.15 views

Fedora: Security Advisory (FEDORA-2023-def2f95af4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.7AI score0.01137EPSS
Exploits1References12
Rows per page
Query Builder