Deepin Security Vulnerabilities


CVE-2017-7622

dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escal...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2022-10-03 04:23 PM
19

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrar...

7 CVSS

6.6 AI Score

0.001 EPSS

2019-07-04 12:15 PM
27

CVE-2019-13227

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.

5.5 CVSS

5.9 AI Score

0.001 EPSS

2019-07-04 12:15 PM
31

CVE-2019-13228

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker contr...

4.7 CVSS

5.6 AI Score

0.001 EPSS

2019-07-04 12:15 PM
28

CVE-2019-13229

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content...

5.5 CVSS

5.9 AI Score

0.001 EPSS

2019-07-04 12:15 PM
28

CVE-2023-50254

Deepin Linux's default document reader deepin-reader software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by...

9.3 CVSS

7.8 AI Score

0.006 EPSS

2023-12-22 05:15 PM
7

CVE-2023-50255

Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.1...

9.3 CVSS

7.7 AI Score

0.003 EPSS

2023-12-27 05:15 PM
13