eyeos_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk denial of service and vendor risk cross-site scripting などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2007-4609 | eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values. | [email protected] | 6.4 | 0.71% | 2007-08-31 | 2026-04-23 |
| CVE-2006-5071 | Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | [email protected] | 4.3 | 0.51% | 2006-09-28 | 2026-04-23 |
| CVE-2006-0636 | desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | [email protected] | 7.5 | 1.30% | 2006-02-10 | 2026-04-16 |
| CVE-2005-3414 | eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. | [email protected] | 7.5 | 1.41% | 2005-11-01 | 2026-04-16 |
| CVE-2005-3413 | Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter. | [email protected] | 4.3 | 0.59% | 2005-11-01 | 2026-04-16 |