CVE 列表 – 发现高风险与在野利用漏洞

聚合 NVD、CVE 及多源情报,深度解析 RCE 等高危风险。系统集成 CVSS 与 EPSS 模型,动态追踪 Exploit 资源与 PoC 公开状态,研判可利用性。结合官方补丁与修复方案,优化漏洞管理优先级,缩短响应周期,保障资产安全。

分配机构(CNA / 来源):[email protected] 移除此筛选

显示 120804 条结果
«« 第一页 « 上一页 第 1 / 41 页 下一页 »
CVE 描述 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-2219 It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). 7.5 0.42% 2026-03-07 2026-06-17
CVE-2026-11853 Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to. 6.5 0.27% 2026-06-10 2026-06-17
CVE-2026-11852 Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question. 6.5 0.20% 2026-06-10 2026-06-17
CVE-2025-8454 It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. 9.8 0.23% 2025-08-01 2026-06-17
CVE-2025-6297 It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a 8.2 0.27% 2025-07-01 2026-06-17
CVE-2022-2787 Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. 4.3 0.79% 2022-08-27 2026-06-17
CVE-2022-1664 Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. 9.8 2.87% 2022-05-26 2026-06-17
CVE-2022-0543 KEV It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. 10.0 99.67% 2022-02-18 2026-06-17
CVE-2021-20001 It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. 9.8 1.59% 2022-02-11 2026-06-16
CVE-2020-3812 qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. 5.5 0.43% 2020-05-26 2026-06-16
CVE-2020-3811 qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. 7.5 1.77% 2020-05-26 2026-06-16
CVE-2020-3810 Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. 5.5 1.31% 2020-05-15 2026-06-16
CVE-2019-3467 Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. 7.8 0.50% 2019-12-23 2026-06-16
CVE-2019-3466 The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. 7.8 0.50% 2019-11-20 2026-06-16
CVE-2019-3465 Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. 8.8 3.02% 2019-11-07 2026-06-16
CVE-2019-3464 Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. 9.8 4.70% 2019-02-06 2026-06-16
CVE-2019-3463 Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. 9.8 4.87% 2019-02-06 2026-06-16
CVE-2019-3462 Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. 8.1 14.56% 2019-01-28 2026-06-16
CVE-2019-3461 Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. 7.0 0.25% 2019-02-04 2026-06-16
CVE-2019-3460 A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. 6.5 1.84% 2019-04-11 2026-06-16
«« 第一页 « 上一页 第 1 / 41 页 下一页 »
cvelogic Threat Intelligence