CVSS: 6.3EPSS: 0%CPEs: 19EXPL: 1CVE-2020-13524
https://notcve.org/view.php?id=CVE-2020-13524
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. Se presenta una vulnerabilidad de corrupción de memoria fuera de límites en la forma en que Pixar OpenUSD versión 20.05, usa datos SPECS de archivos binarios USD. Un archivo malformado especialmente diseñado puede desencadenar un acceso a la memoria fuera de límites y una modificación que resulta en una corrupción de memoria. • http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/kb/HT212011 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-4054
https://notcve.org/view.php?id=CVE-2018-4054
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw. Existe una vulnerabilidad de escalado de privilegios local en la herramienta de instalación de apoyo de la versión 22.2.0 de Pixar Renderman de Mac OS X. Un usuario con acceso local puede aprovechar esta vulnerabilidad para escalar sus privilegios a root. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0728 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5015
https://notcve.org/view.php?id=CVE-2019-5015
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. Existe una vulnerabilidad de escalado de privilegios locales en la versión para Mac OS X de la herramienta de instalación de Pixar Renderman 22.3.0. Un usuario con acceso local puede aprovechar esta vulnerabilidad para escalar sus privilegios a root. • http://www.securityfocus.com/bid/107436 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-4055
https://notcve.org/view.php?id=CVE-2018-4055
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw. Existe una vulnerabilidad de escalado de privilegios local en la herramienta de instalación de apoyo de la versión 22.2.0 de Pixar Renderman de Mac OS X. Un usuario con acceso local puede utilizar esta vulnerabilidad para leer cualquier archivo root desde el sistema de archivos. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0729 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5411 – Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability
https://notcve.org/view.php?id=CVE-2018-5411
Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable. • http://www.securityfocus.com/bid/106209 https://www.kb.cert.org/vuls/id/756913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •