482 matches found
MAL-2025-2534 Malicious code in threshold-usd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7887627ef1c2e28caf3cf98b2540953646ef0ac35b627e28cb5fb961e072d327 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in threshold-usd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7887627ef1c2e28caf3cf98b2540953646ef0ac35b627e28cb5fb961e072d327 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-6148
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...
CVE-2020-6147
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...
CVE-2020-13493
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...
Contao affected by directory traversal in the file selector widget
Impact Back end users can list files outside their file mounts or the document root in the FileSelector widget. Patches Update to Contao 4.13.49. Workarounds None. References https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget For more information If you have...
Contao affected by remote command execution through file upload
Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...
GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload
Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...
Fedora: Security Advisory (FEDORA-2023-58af3a2eca)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-34126 ZDI-CAN-24028: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must...
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
usd-2024-0009 | Reflected XSS in Oveleon Cookiebar Details Advisory ID: usd-2024-0009 Product: Cookiebar Affected Version: 2.X Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Security Risk: HIGH,...
Gambio Online Webshop 4.9.2.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gambio onli...
MetaStealer a $125 Ticket to Digital Chaos
Summary: MetaStealer, a nefarious information-stealing malware, initially surfaced in discreet online marketplaces with a pricing structure of USD 125 per month or USD 1000 for an unlimited subscription, subsequently becoming entangled in malvertising campaigns. Threat Level - Red | Attack Report...
The vulnerability of Adobe Dimension’s 3D design software relates to operations that occur beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Adobe Dimension’s 3D design software relates to the execution of operations beyond the buffer boundaries in memory when processing USD format files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by creating a speciall...
Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
CVE-2023-47078 ZDI-CAN-22249: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victi...
Upgraded Q -> 3 from #534 [1702060375162]
Judge has assessed an item in Issue 534 as 3 risk. The relevant finding follows: L-03 Consider use stETH/UDS oracle Issue Description: The sponsor has confirmed their choice of Chainlink as an oracle to fetch prices. Since all other LST price feeds are 18 decimal places, they will most likely use...
Fedora: Security Advisory for usd (FEDORA-2023-d486d13cfd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2023-def2f95af4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...