MidnightBSD

Advisories for unity3d

CVE-2017-12939 HIGH

A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
unity3d unity_editor 5.4.3
unity3d unity_editor 5.5.2
unity3d unity_editor 2017.1.0
unity3d unity_editor 5.4.4
unity3d unity_editor 5.6.0
unity3d unity_editor 5.5.1
unity3d unity_editor 5.6.1
unity3d unity_editor 5.3.8
unity3d unity_editor 5.5.0
unity3d unity_editor 5.4.0
unity3d unity_editor 5.4.1
unity3d unity_editor 5.4.2
unity3d unity_editor 5.6.2
unity3d unity_editor 5.5.3
CVE-2019-9197 MEDIUM

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
unity3d unity_editor *