CVE-2022-2832 – blender: Null pointer reference in blender thumbnail extractor
https://notcve.org/view.php?id=CVE-2022-2832
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity. Se ha encontrado un fallo en Blender 3.3.0. Existe una desviación de puntero nulo en source/blender/gpu/opengl/gl_backend.cc que puede conducir a la pérdida de confidencialidad e integridad • https://developer.blender.org/D15463 https://developer.blender.org/T99706 https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c https://access.redhat.com/security/cve/CVE-2022-2832 https://bugzilla.redhat.com/show_bug.cgi?id=2118556 • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference CWE-476: NULL Pointer Dereference •
CVE-2022-2833
https://notcve.org/view.php?id=CVE-2022-2833
Endless Infinite loop in Blender-thumnailing due to logical bugs. Un Bucle Infinito en Blender-thumnailing debido a bugs lógicos. • https://developer.blender.org/T99711 https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-2831
https://notcve.org/view.php?id=CVE-2022-2831
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption. Se ha encontrado un fallo en Blender 3.3.0. Un desbordamiento de interger en source/blender/blendthumb/src/blendthumb_extract.cc puede llevar a la caída del programa o a la corrupción de la memoria • https://developer.blender.org/T99705 https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2 https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2013-6342 – Tweet Blender <= 4.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php. Vulnerabilidad de XSS en el plugin Tweet Blender anterior a la versión 4.0.2 para WordPress permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro tb_tab_index a wp-admin/options-general.php. WordPress Tweet Blender plugin version 4.0.1 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0072.html http://secunia.com/advisories/55780 http://wordpress.org/plugins/tweet-blender/changelog https://www.htbridge.com/advisory/HTB23180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •