NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2017-1002150 | python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | 6.1 | 0.81% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002151 | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 7.5 | 1.06% | 2017-09-14 | 2026-06-16 |
| CVE-2017-1002152 | Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | 6.1 | 0.78% | 2019-01-10 | 2026-06-16 |
| CVE-2017-1002153 | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | 7.5 | 1.14% | 2017-10-06 | 2026-06-16 |
| CVE-2017-1002157 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 | 2.80% | 2019-01-10 | 2026-06-16 |
| CVE-2018-1002150 | Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | 9.1 | 1.67% | 2018-04-04 | 2026-06-16 |
| CVE-2020-15853 | supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. | 5.3 | 0.60% | 2022-10-18 | 2026-06-16 |
| CVE-2020-15855 | Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | 6.1 | 0.40% | 2022-10-07 | 2026-06-16 |
| CVE-2021-30469 | A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | 5.5 | 0.70% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30470 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. | 5.5 | 0.69% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30471 | A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. | 5.5 | 0.73% | 2021-05-26 | 2026-06-16 |
| CVE-2021-30472 | A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | 7.8 | 0.76% | 2021-05-26 | 2026-06-16 |
| CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.91% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32491 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.88% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32492 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 0.93% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32493 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | 7.8 | 1.00% | 2021-06-24 | 2026-06-16 |
| CVE-2021-32494 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. | 10.0 | 0.84% | 2023-07-07 | 2026-06-16 |
| CVE-2021-32495 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. | 10.0 | 0.76% | 2023-07-07 | 2026-06-16 |
| CVE-2021-32613 | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 5.5 | 1.16% | 2021-05-14 | 2026-06-16 |
| CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. | 7.1 | 0.91% | 2021-05-26 | 2026-06-16 |