NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2019-3473 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2019-3472 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2019-3471 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2019-3470 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2019-3469 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2019-3468 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | 該当なし | 0.24% | 2020-01-06 | 2023-11-06 |
| CVE-2014-6275 | FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | 5.9 | 0.94% | 2020-01-02 | 2026-06-16 |
| CVE-2013-7351 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | 6.1 | 2.21% | 2020-01-02 | 2026-06-16 |
| CVE-2019-3467 | Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | 7.8 | 0.50% | 2019-12-23 | 2026-06-16 |
| CVE-2012-2237 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | 6.1 | 2.87% | 2019-12-17 | 2026-06-16 |
| CVE-2014-1867 | suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | 7.8 | 0.41% | 2019-12-13 | 2026-06-16 |
| CVE-2015-0841 | Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | 7.5 | 2.23% | 2019-12-09 | 2026-06-16 |
| CVE-2015-0837 | The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." | 5.9 | 1.95% | 2019-11-29 | 2026-06-16 |
| CVE-2012-2248 | An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable. | 8.1 | 2.44% | 2019-11-27 | 2026-06-16 |
| CVE-2015-1396 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | 7.5 | 3.22% | 2019-11-25 | 2026-06-16 |
| CVE-2014-5255 | xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | 7.0 | 0.37% | 2019-11-21 | 2026-06-16 |
| CVE-2014-5254 | xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. | 4.7 | 0.34% | 2019-11-21 | 2026-06-16 |
| CVE-2015-2793 | Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. | 6.1 | 1.69% | 2019-11-21 | 2026-06-16 |
| CVE-2012-2238 | trytond 2.4: ModelView.button fails to validate authorization | 7.5 | 1.76% | 2019-11-21 | 2026-06-16 |
| CVE-2019-3466 | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | 7.8 | 0.50% | 2019-11-20 | 2026-06-16 |