CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 12012370 筆結果
«« 第一頁 « 上一頁 第 1 / 619 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2014-3537 The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. 1.2 0.38% 2014-07-23 2026-06-16
CVE-2013-4476 Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. 1.2 0.43% 2013-11-13 2026-06-16
CVE-2013-2217 cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. 1.2 0.56% 2013-09-23 2026-06-16
CVE-2012-6095 ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. 1.2 0.69% 2013-01-24 2026-06-16
CVE-2012-3500 scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. 1.2 0.27% 2012-09-30 2026-06-16
CVE-2012-3487 Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. 1.2 0.12% 2012-08-26 2026-06-16
CVE-2012-2678 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. 1.2 0.64% 2012-07-03 2026-06-16
CVE-2012-2313 The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. 1.2 0.56% 2012-06-13 2026-06-16
CVE-2012-2103 The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. 1.2 0.33% 2012-08-26 2026-06-16
CVE-2011-4617 virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. 1.2 0.32% 2011-12-30 2026-06-16
CVE-2011-2724 The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. 1.2 0.43% 2011-09-06 2026-06-16
CVE-2011-2722 The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. 1.2 0.44% 2012-05-25 2026-06-16
CVE-2011-1781 SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). 1.2 0.30% 2011-08-29 2026-06-16
CVE-2011-1769 SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. 1.2 0.29% 2011-08-29 2026-06-16
CVE-2010-3718 Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. 1.2 1.35% 2011-02-10 2026-06-16
CVE-2007-3108 The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. 1.2 0.41% 2007-08-07 2026-06-16
CVE-2007-2453 The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. 1.2 0.38% 2007-06-11 2026-06-16
CVE-2006-1059 The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. 1.2 0.46% 2006-03-30 2026-06-16
CVE-2006-0741 Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address." 1.2 0.37% 2006-03-06 2026-06-16
CVE-2005-0937 Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions. 1.2 0.35% 2005-02-22 2026-06-16
«« 第一頁 « 上一頁 第 1 / 619 頁 下一頁 »
cvelogic Threat Intelligence