NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2013-1442 | Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. | 1.2 | 0.11% | 2013-09-30 | 2026-04-29 |
| CVE-2006-3118 | spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. | 1.2 | 0.07% | 2006-06-30 | 2026-04-16 |
| CVE-2006-0050 | snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. | 1.2 | 0.06% | 2006-03-23 | 2026-04-16 |
| CVE-2005-3342 | noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. | 1.2 | 0.06% | 2005-12-31 | 2026-04-16 |
| CVE-2005-0448 | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | 1.2 | 0.06% | 2005-05-02 | 2026-04-16 |
| CVE-2014-5029 | The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | 1.5 | 0.05% | 2014-07-29 | 2026-05-06 |
| CVE-2014-5030 | CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | 1.9 | 0.05% | 2014-07-29 | 2026-05-06 |
| CVE-2013-1427 | The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. | 1.9 | 0.04% | 2013-03-21 | 2026-04-29 |
| CVE-2012-0218 | Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. | 1.9 | 0.06% | 2012-12-03 | 2026-04-29 |
| CVE-2005-3349 | GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | 1.9 | 0.04% | 2005-11-18 | 2026-04-16 |
| CVE-2005-3126 | The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files. | 1.9 | 0.07% | 2005-12-31 | 2026-04-16 |
| CVE-2006-3123 | Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | 2.1 | 0.06% | 2006-08-07 | 2026-04-16 |
| CVE-2005-4536 | Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file. | 2.1 | 0.07% | 2005-12-31 | 2026-04-16 |
| CVE-2005-3885 | The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file. | 2.1 | 0.08% | 2005-11-29 | 2026-04-16 |
| CVE-2005-3531 | fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. | 2.1 | 0.08% | 2005-11-23 | 2026-04-16 |
| CVE-2005-3341 | DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | 2.1 | 0.07% | 2005-12-27 | 2026-04-16 |
| CVE-2005-3268 | yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. | 2.1 | 0.06% | 2005-10-20 | 2026-04-16 |
| CVE-2005-3124 | syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. | 2.1 | 0.10% | 2005-11-06 | 2026-04-16 |
| CVE-2005-3121 | A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. | 2.1 | 0.07% | 2005-10-20 | 2026-04-16 |
| CVE-2005-3119 | Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. | 2.1 | 0.11% | 2005-10-12 | 2026-04-16 |