Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for unity8 by ubports

    CVE-2015-7946 (GCVE-0-2015-7946)

    Vulnerability from nvd – Published: 2020-05-07 22:15 – Updated: 2024-09-16 22:34
    VLAI
    Title
    MTP service exposed during emergency dialer
    Summary
    Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
    CWE
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/1525981 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Canonical unity8 (Ubuntu) Affected: 8.11 , < 8.11+16.04.20160111.1-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2015-12-14 00:00
    Credits
    Michael Terry
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1525981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity8 (Ubuntu)",
              "vendor": "Canonical",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "8.11+15.04.20160122-0ubuntu1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.11+16.04.20160111.1-0ubuntu1",
                  "status": "affected",
                  "version": "8.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Michael Terry"
            }
          ],
          "datePublic": "2015-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-07T22:15:13.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/1525981"
            }
          ],
          "source": {
            "defect": [
              "https://launchpad.net/bugs/1525981"
            ],
            "discovery": "INTERNAL"
          },
          "title": "MTP service exposed during emergency dialer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2015-12-14T19:07:00.000Z",
              "ID": "CVE-2015-7946",
              "STATE": "PUBLIC",
              "TITLE": "MTP service exposed during emergency dialer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity8 (Ubuntu)",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "8.11",
                                "version_value": "8.11+16.04.20160111.1-0ubuntu1"
                              },
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "8.11",
                                "version_value": "8.11+15.04.20160122-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Michael Terry"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/1525981",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/1525981"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [
                "https://launchpad.net/bugs/1525981"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-7946",
        "datePublished": "2020-05-07T22:15:13.142Z",
        "dateReserved": "2015-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:34:53.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1573 (GCVE-0-2016-1573)

    Vulnerability from nvd – Published: 2019-04-22 15:35 – Updated: 2024-09-16 18:13
    VLAI
    Title
    Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash
    Summary
    Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
    CWE
    • Executing data as code.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ubuntu Unity8 Affected: unspecified , < 8.11+16.04.20160122-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2016-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unity8",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "8.11+16.04.20160122-0ubuntu1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2016-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Executing data as code.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-22T15:35:59.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2016-03-31T00:00:00.000Z",
              "ID": "CVE-2016-1573",
              "STATE": "PUBLIC",
              "TITLE": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unity8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.11+16.04.20160122-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ubuntu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Executing data as code."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138",
                  "refsource": "MISC",
                  "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1573",
        "datePublished": "2019-04-22T15:35:59.410Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:42.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7946 (GCVE-0-2015-7946)

    Vulnerability from cvelistv5 – Published: 2020-05-07 22:15 – Updated: 2024-09-16 22:34
    VLAI
    Title
    MTP service exposed during emergency dialer
    Summary
    Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.
    CWE
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/1525981 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Canonical unity8 (Ubuntu) Affected: 8.11 , < 8.11+16.04.20160111.1-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2015-12-14 00:00
    Credits
    Michael Terry
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:31.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1525981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "unity8 (Ubuntu)",
              "vendor": "Canonical",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "8.11+15.04.20160122-0ubuntu1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "8.11+16.04.20160111.1-0ubuntu1",
                  "status": "affected",
                  "version": "8.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Michael Terry"
            }
          ],
          "datePublic": "2015-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-07T22:15:13.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/1525981"
            }
          ],
          "source": {
            "defect": [
              "https://launchpad.net/bugs/1525981"
            ],
            "discovery": "INTERNAL"
          },
          "title": "MTP service exposed during emergency dialer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2015-12-14T19:07:00.000Z",
              "ID": "CVE-2015-7946",
              "STATE": "PUBLIC",
              "TITLE": "MTP service exposed during emergency dialer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "unity8 (Ubuntu)",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "8.11",
                                "version_value": "8.11+16.04.20160111.1-0ubuntu1"
                              },
                              {
                                "platform": "",
                                "version_affected": "\u003c",
                                "version_name": "8.11",
                                "version_value": "8.11+15.04.20160122-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canonical"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [
              {
                "lang": "eng",
                "value": "Michael Terry"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/1525981",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/1525981"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [
                "https://launchpad.net/bugs/1525981"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2015-7946",
        "datePublished": "2020-05-07T22:15:13.142Z",
        "dateReserved": "2015-10-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:34:53.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1573 (GCVE-0-2016-1573)

    Vulnerability from cvelistv5 – Published: 2019-04-22 15:35 – Updated: 2024-09-16 18:13
    VLAI
    Title
    Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash
    Summary
    Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
    CWE
    • Executing data as code.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ubuntu Unity8 Affected: unspecified , < 8.11+16.04.20160122-0ubuntu1 (custom)
    Create a notification for this product.
    Date Public
    2016-03-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unity8",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "8.11+16.04.20160122-0ubuntu1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2016-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Executing data as code.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-22T15:35:59.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2016-03-31T00:00:00.000Z",
              "ID": "CVE-2016-1573",
              "STATE": "PUBLIC",
              "TITLE": "Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unity8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.11+16.04.20160122-0ubuntu1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ubuntu"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Executing data as code."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138",
                  "refsource": "MISC",
                  "url": "https://bazaar.launchpad.net/~unity-team/unity8/stable/revision/2138"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/unity8/+bug/1536296"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2016-1573",
        "datePublished": "2019-04-22T15:35:59.410Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:42.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }