
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

13 Nov 2020 — A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 3% | CPEs: 1 | EXPL: 1

13 Nov 2020 — A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1101 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

13 Nov 2020 — A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1094 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 1% | CPEs: 2 | EXPL: 1

13 Nov 2020 — An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory modification which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. • https://support.apple.com/kb/HT212011 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 1

13 Nov 2020 — A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. • http://seclists.org/fulldisclosure/2020/Nov/20 • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 6.3 | EPSS: 0% | CPEs: 19 | EXPL: 1

09 Nov 2020 — An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. • http://seclists.org/fulldisclosure/2020/Dec/26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-787: Out-of-bounds Write

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

08 Mar 2019 — A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728 • CWE-20: Improper Input Validation

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

08 Mar 2019 — A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729 • CWE-20: Improper Input Validation

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

08 Mar 2019 — A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. • http://www.securityfocus.com/bid/107436 • CWE-749: Exposed Dangerous Method or Function

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Dec 2018 — Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the end user. An attacker might include JavaScript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijack... • http://www.securityfocus.com/bid/106209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')