本頁列出影響 gnu gnump3d 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2019-3697 | UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | [email protected] | 7.7 | 0.13% | 2020-01-24 | 2024-11-21 |
| CVE-2007-6130 | gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | [email protected] | 5.0 | 0.37% | 2007-11-26 | 2026-04-23 |
| CVE-2005-3355 | Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | [email protected] | 6.4 | 0.68% | 2005-11-18 | 2026-04-16 |
| CVE-2005-3349 | GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | [email protected] | 1.9 | 0.04% | 2005-11-18 | 2026-04-16 |
| CVE-2005-3425 | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | [email protected] | 4.3 | 0.80% | 2005-11-01 | 2026-04-16 |
| CVE-2005-3424 | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | [email protected] | 4.3 | 0.60% | 2005-11-01 | 2026-04-16 |
| CVE-2005-3123 | Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | [email protected] | 5.0 | 1.26% | 2005-10-30 | 2026-04-16 |