Page 6 of 30 results (0.022 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. Vulnerabilidad de ruta de búsqueda no confiada en BPY_interface in Blender v2.46 permite a usuarios locales ejecutar código de su elección mediante un archivo Python caballo de troya en el directorio actual, relacionado con una configuración errónea de sys.path por la función PySys_SetArgv. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 http://security.gentoo.org/glsa/glsa-201001-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:038 http://www.openwall.com/lists/oss-security/2008/10/27/1 •

CVSS: 6.8EPSS: 29%CPEs: 1EXPL: 0

Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image. Desbordamiento de búfer basado en pila en la función imb_loadhdr de Blender 2.45 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un fichero .blend que contiene imágenes Radiance RGBE manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29818 http://secunia.com/advisories/29957 http://secunia.com/advisories/30097 http://secunia.com/advisories/30151 http://secunia.com/advisories/30272 http://secunia.com/secunia_research/2008-16/advisory http://www.debian.org/security/2008/dsa-1567 http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:204 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. Vulnerabilidad de inyección de evaluación en el (a) Script para Blender 0.1.9h kmz_ImportWithMesh.py tal y como se usa en (b) Blender versiones anteriores a 2.43, permite a usuarios remotos con la ayuda del usuario ejecutar código Pyton de su elección importando un fichero manipulado (1) KML ó (2) KMZ. • http://osvdb.org/33836 http://secunia.com/advisories/24232 http://secunia.com/advisories/24233 http://secunia.com/advisories/24991 http://secunia.com/secunia_research/2007-39/advisory http://secunia.com/secunia_research/2007-40/advisory http://security.gentoo.org/glsa/glsa-200704-19.xml http://www.securityfocus.com/bid/22770 http://www.securitytracker.com/id?1017714 http://www.vupen.com/english/advisories/2007/0798 https://exchange.xforce.ibmcloud.com/vulnerabilities/32778 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. • https://www.exploit-db.com/exploits/27728 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895 http://secunia.com/advisories/19754 http://www.debian.org/security/2006/dsa-1039 http://www.securityfocus.com/bid/17663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. • http://secunia.com/advisories/17013 http://www.securiteam.com/exploits/5BP0T2KGVA.html http://www.securityfocus.com/bid/14983 •