Tag: CVE

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the MITRE Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.

CWE-200

CWE-200: An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

CVE-2016-4655

CVE-2016-4655: The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. (CWE-200)

CVSS v2.0 Severity and Metrics: Base Score: 7.1 HIGH; Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS v3.0 Severity and Metrics: Base Score: 5.5 MEDIUM; Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2017-12939

CVE-2017-12939: A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. (CWE-20)

CVSS v2.0 Severity and Metrics: Base Score: 7.5 HIGH; Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0 Severity and Metrics: Base Score: 9.8 CRITICAL; Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20

CWE-20: The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts […]

CVE-2016-4657

CVE-2016-4657: WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. (CWE-119)

CVSS v2.0 Severity and Metrics: Base Score: 6.8 MEDIUM; Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0 Severity and Metrics: Base Score: 8.8 HIGH; Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-264

CWE-264: Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

CVE-2016-4654

CVE-2016-4654: IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. (CWE-119, CWE-264)

CVSS v2.0 Severity and Metrics: Base Score: 9.3 HIGH; Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0 Severity and Metrics: Base Score: 7.8 HIGH; Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H