CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4863
https://notcve.org/view.php?id=CVE-2008-4863
31 Oct 2008 — Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. Vulnerabilidad de ruta de búsqueda no confiada en BPY_interface in Blender v2.46 permite a usuarios locales ejecutar código de su elección mediante un archivo Python caballo de troya en el directorio actual, relacionado con una configuración errónea de sys.p... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1103 – Gentoo Linux Security Advisory 201311-07
https://notcve.org/view.php?id=CVE-2008-1103
28 Apr 2008 — Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." Múltiples vulnerabilidades no especificadas en Blender tienen un impacto y vectores de ataque desconocidos, relacionado con "temas de ficheros temporales". Multiple vulnerabilities have been found in Blender, the worst of which could allow attackers to execute arbitrary code. Versions less than 2.49b-r2 are affected. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 21%CPEs: 1EXPL: 0CVE-2008-1102 – Gentoo Linux Security Advisory 201311-07
https://notcve.org/view.php?id=CVE-2008-1102
21 Apr 2008 — Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. Desbordamiento de búfer basado en pila en la función imb_loadhdr de Blender 2.45 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un fichero .blend que contiene imágenes Radiance RGBE manipuladas. Multiple vulnerabilities have been found in Blender, the worst of whi... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 0CVE-2007-1253
https://notcve.org/view.php?id=CVE-2007-1253
03 Mar 2007 — Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. Vulnerabilidad de inyección de evaluación en el (a) Script para Blender 0.1.9h kmz_ImportWithMesh.py tal y como se usa en (b) Blender versiones anteriores a 2.43, permite a usuarios remotos con la ayuda del usuario ejecutar código Pyton de su elección importando un fi... • http://osvdb.org/33836 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 3%CPEs: 20EXPL: 2CVE-2005-4470
https://notcve.org/view.php?id=CVE-2005-4470
22 Dec 2005 — Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. • http://secunia.com/advisories/18176 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2005-3302 – Blender 2.36 - '.BVF' File Import Python Code Execution
https://notcve.org/view.php?id=CVE-2005-3302
24 Oct 2005 — Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. • https://www.exploit-db.com/exploits/27728 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3151
https://notcve.org/view.php?id=CVE-2005-3151
05 Oct 2005 — Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. • http://secunia.com/advisories/17013 •