Unity8
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12939 | Cri | 0.64 | 9.8 | 0.05 | Aug 18, 2017 | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | ||
| CVE-2015-7946 | 0.00 | — | 0.00 | May 7, 2020 | Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1. | |||
| CVE-2015-9288 | 0.00 | — | 0.01 | Jul 29, 2019 | The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | |||
| CVE-2016-1584 | 0.00 | — | 0.01 | Apr 22, 2019 | In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input. | |||
| CVE-2016-1573 | 0.00 | — | 0.00 | Apr 22, 2019 | Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope. | |||
| CVE-2014-3202 | 0.00 | — | 0.00 | May 6, 2014 | Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. |
- risk 0.64cvss 9.8epss 0.05
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
- CVE-2015-7946May 7, 2020risk 0.00cvss —epss 0.00
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
- CVE-2015-9288Jul 29, 2019risk 0.00cvss —epss 0.01
The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials
- CVE-2016-1584Apr 22, 2019risk 0.00cvss —epss 0.01
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.
- CVE-2016-1573Apr 22, 2019risk 0.00cvss —epss 0.00
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
- CVE-2014-3202May 6, 2014risk 0.00cvss —epss 0.00
Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.