Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-1573— Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash

EPSS 0.09% · P25
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-1573

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash
Source: NVD (National Vulnerability Database)
Vulnerability Description
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Canonical Unity8 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Canonical Unity8是英国科能(Canonical)公司的一款为GNOME桌面环境所开发的图形用户界面。 Canonical Unity8 8.11+16.04.20160122-0ubuntu1之前版本中的plugins/Dash/CardCreator.js文件存在安全漏洞。攻击者可利用该漏洞执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
UbuntuUnity8 unspecified ~ 8.11+16.04.20160122-0ubuntu1 -

II. Public POCs for CVE-2016-1573

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2016-1573

登录查看更多情报信息。

Same Patch Batch · Ubuntu · 2019-04-22 · 15 CVEs total

CVE-2014-1426get_file_by_name does not check owner
CVE-2014-1427MAAS API vulnerable to CSRF attack
CVE-2014-1428uuid.uuid1() is not suitable as an unguessable identifier/token
CVE-2015-1316Juju Joyent provider uploads user's private ssh key by default
CVE-2015-1320Probe-and-enlist for SeaMicro chassis writes password to the log
CVE-2015-1326python-dbusmock arbitrary code execution or file overwrite when templates are loaded from
CVE-2015-1327Content-hub DBUS API doesn't prevent confined apps from passing paths to files without acc
CVE-2015-1340chmod race in doUidshiftIntoContainer
CVE-2015-1341Apport privilege escalation through Python module imports
CVE-2015-1343unity-scope-gdrive search feature logs search terms to syslog
CVE-2016-1579UDM doesn't check for confinement before running post-processing commands
CVE-2016-1584Unity8 converged application lifecycle allows background applications to use on-screen key
CVE-2016-1586Oxide 输入验证错误漏洞
CVE-2016-1587Snapweb interface 访问控制错误漏洞

IV. Related Vulnerabilities

Same product: Unity8
Same vendor: Ubuntu

V. Comments for CVE-2016-1573

No comments yet

Leave a comment