Tag: CVE

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.

CVE-2016-4656

CVE-2016-4656 The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. (CWE-264) CVSS v2.0 Severity and Metrics: Base Score: 9.3 HIGH Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v3.0 Severity and Metrics: Base Score: 7.8 HIGH Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-200

CWE-200 An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

CVE-2016-4655

CVE-2016-4655 The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. (CWE-200) CVSS v2.0 Severity and Metrics: Base Score: 7.1 HIGH Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N CVSS v3.0 Severity and Metrics: Base Score: 5.5 MEDIUM Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2017-12939

CVE-2017-12939 A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. (CWE-20) CVSS v2.0 Severity and Metrics: Base Score: 7.5 HIGH Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v3.0 Severity and Metrics: Base Score: 9.8 CRITICAL Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20

CWE-20 The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts […]