cmu 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、パス処理の欠陥, and vendor risk memory corruption に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact memory corruption and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-35467 | The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials. | [email protected] | 7.5 | 0.01% | 2026-04-02 | 2026-06-03 |
| CVE-2026-35466 | XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services | [email protected] | 6.1 | 0.03% | 2026-04-02 | 2026-06-03 |
| CVE-2026-22190 | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values. | [email protected] | 5.1 | 0.04% | 2026-01-07 | 2026-05-26 |
| CVE-2026-22189 | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on b | [email protected] | 6.9 | 0.12% | 2026-01-07 | 2026-05-26 |
| CVE-2026-22188 | The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefine | [email protected] | 6.9 | 0.01% | 2026-01-07 | 2026-05-26 |
| CVE-2025-27092 | GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability exists in the /api/npcs/{id}/photo endpoint, which is designed to serve profile photos for NPCs (Non-Player Characters) but fails to properly validate and sanitize file paths. When an | [email protected] | 8.7 | 0.57% | 2025-02-19 | 2025-02-27 |
| CVE-2022-31506 | The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | [email protected] | 9.3 | 0.43% | 2022-07-11 | 2024-11-21 |
| CVE-2014-7723 | The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.4 | 0.10% | 2014-10-21 | 2026-05-06 |
| CVE-2014-0027 | The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | [email protected] | 3.3 | 0.07% | 2014-01-26 | 2026-04-29 |
| CVE-2013-4122 | Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. | [email protected] | 4.3 | 1.18% | 2013-10-27 | 2026-04-29 |
| CVE-2011-3481 | The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. | [email protected] | 4.3 | 1.02% | 2011-09-14 | 2026-04-29 |
| CVE-2011-3208 | Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | [email protected] | 7.5 | 9.85% | 2011-09-14 | 2026-04-29 |
| CVE-2011-1926 | The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | [email protected] | 5.1 | 4.87% | 2011-05-23 | 2026-04-29 |
| CVE-2009-2632 | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error. | [email protected] | 4.4 | 0.14% | 2009-09-08 | 2026-04-23 |
| CVE-2009-0663 | Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. | [email protected] | 7.5 | 6.90% | 2009-04-30 | 2026-04-23 |
| CVE-1999-0799 | Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. | [email protected] | 10.0 | 0.51% | 1997-06-01 | 2026-04-16 |