聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-4370 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once join | 10.0 | 0.38% | 2026-04-01 | 2026-06-17 |
| CVE-2023-1523 | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. | 10.0 | 1.45% | 2023-09-01 | 2026-06-17 |
| CVE-2013-1049 | Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response. | 10.0 | 3.12% | 2013-03-13 | 2026-06-16 |
| CVE-2008-5184 | The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | 10.0 | 3.67% | 2008-11-20 | 2026-06-16 |
| CVE-2008-3533 | Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. | 10.0 | 19.39% | 2008-08-18 | 2026-06-16 |
| CVE-2026-5412 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issue is resolved in Juju versions 2.9.57 and 3.6.21. | 9.9 | 0.45% | 2026-04-10 | 2026-06-17 |
| CVE-2022-1736 | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | 9.8 | 0.70% | 2025-01-30 | 2026-06-17 |
| CVE-2019-7304 | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. | 9.8 | 61.08% | 2019-04-23 | 2026-06-16 |
| CVE-2016-1585 | In all versions of AppArmor mount rules are accidentally widened when compiled. | 9.8 | 1.03% | 2019-04-22 | 2026-06-16 |
| CVE-2016-1580 | The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core." | 9.8 | 3.48% | 2016-05-13 | 2026-06-16 |
| CVE-2016-1578 | Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. | 9.8 | 3.04% | 2016-05-13 | 2026-06-16 |
| CVE-2014-9746 | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | 9.8 | 3.29% | 2016-06-07 | 2026-06-16 |
| CVE-2024-6107 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. | 9.6 | 0.35% | 2025-07-21 | 2026-06-17 |
| CVE-2014-1427 | A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | 9.6 | 1.09% | 2019-04-22 | 2026-06-16 |
| CVE-2026-28384 | An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the snap versions 5.0.6-e49d9f4 (channel 5.0/stable), 5.21.4-1374f39 (channel 5.21/stable), and 6.7-1f11451 (channel 6.0 stable). The channel 4.0/stable is not affected as it contains version 4.0.10. | 9.4 | 0.50% | 2026-03-12 | 2026-06-17 |
| CVE-2023-32550 | Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. | 9.3 | 0.43% | 2023-06-06 | 2026-06-17 |
| CVE-2020-27352 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. | 9.3 | 0.26% | 2024-06-21 | 2026-06-16 |
| CVE-2020-15708 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | 9.3 | 0.38% | 2020-11-05 | 2026-06-16 |
| CVE-2011-0724 | The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges. | 9.3 | 2.93% | 2011-02-18 | 2026-06-16 |
| CVE-2010-3907 | Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow. | 9.3 | 5.77% | 2011-01-03 | 2026-06-16 |