Vulnerabilities (CVE)

Filtered by vendor Oculus Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28580 2 Adobe, Oculus 4 Medium, Rift, Rift S and 1 more 2024-11-21 9.3 HIGH 8.8 HIGH
Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-24038 1 Oculus 1 Desktop 2024-11-21 4.6 MEDIUM 7.8 HIGH
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.
CVE-2020-1885 1 Oculus 1 Desktop 2024-11-21 4.6 MEDIUM 7.8 HIGH
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.
CVE-2019-3562 1 Oculus 1 Oculus Browser 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.