NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2013-1429 | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | 6.3 | 1.30% | 2019-11-07 | 2026-06-16 |
| CVE-2013-1426 | Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. | 6.1 | 1.04% | 2019-11-07 | 2026-06-16 |
| CVE-2013-1425 | ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | 5.5 | 0.34% | 2019-11-07 | 2026-06-16 |
| CVE-2019-3465 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | 8.8 | 3.02% | 2019-11-07 | 2026-06-16 |
| CVE-2006-4245 | archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. | 8.1 | 0.92% | 2019-11-05 | 2026-06-16 |
| CVE-2006-4243 | linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code. | 9.8 | 1.81% | 2019-11-05 | 2026-06-16 |
| CVE-2005-2354 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | 9.8 | 1.85% | 2019-11-05 | 2026-06-16 |
| CVE-2017-5333 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | 7.8 | 2.22% | 2019-11-04 | 2026-06-16 |
| CVE-2017-5332 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 | 2.11% | 2019-11-04 | 2026-06-16 |
| CVE-2017-5331 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | 7.8 | 0.46% | 2019-11-04 | 2026-06-16 |
| CVE-2015-8980 | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | 9.8 | 6.71% | 2019-11-04 | 2026-06-16 |
| CVE-2005-2352 | I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. | 8.1 | 0.82% | 2019-11-01 | 2026-06-16 |
| CVE-2005-2351 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | 5.5 | 0.35% | 2019-11-01 | 2026-06-16 |
| CVE-2005-2350 | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | 6.1 | 0.82% | 2019-11-01 | 2026-06-16 |
| CVE-2005-2349 | Zoo 2.10 has Directory traversal | 7.5 | 1.85% | 2019-10-28 | 2026-06-16 |
| CVE-2019-3460 | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | 6.5 | 1.84% | 2019-04-11 | 2026-06-16 |
| CVE-2019-3459 | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | 6.5 | 1.84% | 2019-04-11 | 2026-06-16 |
| CVE-2019-3464 | Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.70% | 2019-02-06 | 2026-06-16 |
| CVE-2019-3463 | Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 | 4.87% | 2019-02-06 | 2026-06-16 |
| CVE-2019-3461 | Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. | 7.0 | 0.25% | 2019-02-04 | 2026-06-16 |