Kategorie: Security

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.

CVE-2016-4656

CVE-2016-4656 The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. (CWE-264) CVSS v2.0 Severity and Metrics: Base Score: 9.3 HIGH Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v3.0 Severity and Metrics: Base Score: 7.8 HIGH Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2016-4655

CVE-2016-4655 The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. (CWE-200) CVSS v2.0 Severity and Metrics: Base Score: 7.1 HIGH Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N CVSS v3.0 Severity and Metrics: Base Score: 5.5 MEDIUM Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2017-12939

CVE-2017-12939 A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. (CWE-20) CVSS v2.0 Severity and Metrics: Base Score: 7.5 HIGH Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS v3.0 Severity and Metrics: Base Score: 9.8 CRITICAL Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20

CWE-20 The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts […]

CVE-2016-4657

CVE-2016-4657 WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. (CWE-119) CVSS v2.0 Severity and Metrics: Base Score: 6.8 MEDIUM Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P CVSS v3.0 Severity and Metrics: Base Score: 8.8 HIGH Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2016-4654

CVE-2016-4654 IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. (CWE-119 , CWE-264) CVSS v2.0 Severity and Metrics: Base Score: 9.3 HIGH Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v3.0 Severity and Metrics: Base Score: 7.8 HIGH Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H