[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-6954":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":205,"duplicate_of":9,"upstream":206,"downstream":207,"duplicates":224,"related":225,"reserved_at":9,"published_at":232,"modified_at":233,"state":234,"summary":235,"references_raw":243,"kevs":279,"epss":280,"epss_history":283,"metrics":546,"affected":559},"CVE-2018-6954","systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[196],{"_key":197,"name":198,"source":199,"url":200,"maturity":201,"reliability_score":202,"verified":203,"type":9,"platforms":204,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_SYSTEMD_SYSTEMD","Systemd","github","https://github.com/systemd/systemd/issues/2002","poc",0.3,false,[],[],[],[208,210,212,214,216,218,220,222],{"_key":209},"SUSE-SU-2019:0137-1",{"_key":211},"SUSE-SU-2019:1265-1",{"_key":213},"OPENSUSE-SU-2019:0098-1",{"_key":215},"OPENSUSE-SU-2024:11420-1",{"_key":217},"UBUNTU-CVE-2018-6954",{"_key":219},"USN-3816-1",{"_key":221},"USN-3816-2",{"_key":223},"DEBIAN-CVE-2018-6954",[],[226,227,228,229,230],{"_key":209},{"_key":211},{"_key":213},{"_key":215},{"_key":231},"CGA-PX9R-2M6C-69FP","2018-02-13T20:00:00.000Z","2025-06-09T15:54:51.003Z","Modified",{"cisa_kev":203,"cisa_ransomware":203,"cisa_vendor":9,"epss_severity":236,"epss_score":237,"severity":238,"severity_score":239,"severity_version":240,"severity_source":241,"severity_vector":242,"severity_status":234},"low",0.00145,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[244,252,260,264,269,275],{"url":245,"sources":246,"tags":248},"https://usn.ubuntu.com/3816-2/",[241,247],"nvd",[249,250,251],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":253,"sources":254,"tags":255},"https://github.com/systemd/systemd/issues/7986",[241,247],[256,257,258,259,251],"X Refsource MISC","Exploit","Issue Tracking","Patch",{"url":261,"sources":262,"tags":263},"https://usn.ubuntu.com/3816-1/",[241,247],[249,250,251],{"url":265,"sources":266,"tags":267},"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html",[241,247],[249,268,251],"X Refsource SUSE",{"url":270,"sources":271,"tags":272},"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",[241,247],[273,274],"Mailing List","X Refsource MLIST",{"url":276,"sources":277,"tags":278},"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",[241,247],[273,274],[],{"date":281,"score":237,"percentile":282},"2026-06-05",0.3471,[284,288,291,294,297,300,303,307,310,313,316,319,321,324,327,331,334,337,340,343,346,349,352,354,357,360,363,366,368,371,374,377,380,382,385,388,391,394,397,400,402,405,408,411,414,417,420,423,426,428,431,434,437,439,442,445,448,451,454,457,460,463,466,469,472,475,477,479,482,484,487,490,492,495,498,501,504,507,510,513,516,519,522,525,528,531,534,537,540,543],{"date":285,"score":286,"percentile":287},"2025-11-04",0.00054,0.16629,{"date":289,"score":286,"percentile":290},"2025-11-05",0.16654,{"date":292,"score":286,"percentile":293},"2025-11-06",0.16742,{"date":295,"score":286,"percentile":296},"2025-11-07",0.16761,{"date":298,"score":286,"percentile":299},"2025-11-08",0.16767,{"date":301,"score":286,"percentile":302},"2025-11-09",0.16741,{"date":304,"score":305,"percentile":306},"2025-11-10",0.00104,0.28968,{"date":308,"score":305,"percentile":309},"2025-11-11",0.28991,{"date":311,"score":305,"percentile":312},"2025-11-12",0.29039,{"date":314,"score":305,"percentile":315},"2025-11-13",0.29052,{"date":317,"score":305,"percentile":318},"2025-11-14",0.29046,{"date":320,"score":305,"percentile":312},"2025-11-15",{"date":322,"score":305,"percentile":323},"2025-11-16",0.29009,{"date":325,"score":305,"percentile":326},"2025-11-17",0.28994,{"date":328,"score":329,"percentile":330},"2025-11-18",0.0004,0.07356,{"date":332,"score":329,"percentile":333},"2025-11-19",0.0737,{"date":335,"score":329,"percentile":336},"2025-11-20",0.07401,{"date":338,"score":305,"percentile":339},"2025-11-21",0.29031,{"date":341,"score":305,"percentile":342},"2025-11-22",0.29043,{"date":344,"score":305,"percentile":345},"2025-11-23",0.29008,{"date":347,"score":305,"percentile":348},"2025-11-24",0.28982,{"date":350,"score":305,"percentile":351},"2025-11-25",0.28976,{"date":353,"score":305,"percentile":351},"2025-11-26",{"date":355,"score":305,"percentile":356},"2025-11-27",0.28989,{"date":358,"score":305,"percentile":359},"2025-11-28",0.28962,{"date":361,"score":305,"percentile":362},"2025-11-29",0.28952,{"date":364,"score":305,"percentile":365},"2025-11-30",0.28931,{"date":367,"score":305,"percentile":326},"2025-12-01",{"date":369,"score":305,"percentile":370},"2025-12-02",0.2902,{"date":372,"score":305,"percentile":373},"2025-12-03",0.29028,{"date":375,"score":305,"percentile":376},"2025-12-04",0.28948,{"date":378,"score":305,"percentile":379},"2025-12-05",0.28981,{"date":381,"score":305,"percentile":348},"2025-12-06",{"date":383,"score":305,"percentile":384},"2025-12-07",0.28957,{"date":386,"score":305,"percentile":387},"2025-12-08",0.28964,{"date":389,"score":305,"percentile":390},"2025-12-09",0.29023,{"date":392,"score":305,"percentile":393},"2025-12-10",0.29093,{"date":395,"score":305,"percentile":396},"2025-12-11",0.29123,{"date":398,"score":305,"percentile":399},"2025-12-12",0.2914,{"date":401,"score":305,"percentile":399},"2025-12-13",{"date":403,"score":305,"percentile":404},"2025-12-14",0.2911,{"date":406,"score":305,"percentile":407},"2025-12-15",0.2908,{"date":409,"score":305,"percentile":410},"2025-12-16",0.29099,{"date":412,"score":305,"percentile":413},"2025-12-17",0.29153,{"date":415,"score":305,"percentile":416},"2025-12-18",0.292,{"date":418,"score":305,"percentile":419},"2025-12-19",0.29215,{"date":421,"score":305,"percentile":422},"2025-12-20",0.29189,{"date":424,"score":305,"percentile":425},"2025-12-21",0.29142,{"date":427,"score":305,"percentile":404},"2025-12-22",{"date":429,"score":305,"percentile":430},"2025-12-23",0.29083,{"date":432,"score":305,"percentile":433},"2025-12-24",0.2909,{"date":435,"score":305,"percentile":436},"2025-12-25",0.29159,{"date":438,"score":305,"percentile":413},"2025-12-26",{"date":440,"score":305,"percentile":441},"2025-12-27",0.29149,{"date":443,"score":305,"percentile":444},"2025-12-28",0.29068,{"date":446,"score":305,"percentile":447},"2025-12-29",0.29045,{"date":449,"score":305,"percentile":450},"2025-12-30",0.29042,{"date":452,"score":305,"percentile":453},"2025-12-31",0.29106,{"date":455,"score":305,"percentile":456},"2026-01-01",0.29226,{"date":458,"score":305,"percentile":459},"2026-01-02",0.29223,{"date":461,"score":305,"percentile":462},"2026-01-03",0.29204,{"date":464,"score":305,"percentile":465},"2026-01-04",0.29084,{"date":467,"score":305,"percentile":468},"2026-01-05",0.29078,{"date":470,"score":305,"percentile":471},"2026-01-06",0.29091,{"date":473,"score":305,"percentile":474},"2026-01-07",0.29122,{"date":476,"score":305,"percentile":413},"2026-01-08",{"date":478,"score":305,"percentile":425},"2026-01-09",{"date":480,"score":305,"percentile":481},"2026-01-10",0.2913,{"date":483,"score":305,"percentile":453},"2026-01-11",{"date":485,"score":305,"percentile":486},"2026-01-12",0.29058,{"date":488,"score":305,"percentile":489},"2026-01-13",0.29035,{"date":491,"score":305,"percentile":465},"2026-01-14",{"date":493,"score":305,"percentile":494},"2026-01-15",0.29081,{"date":496,"score":305,"percentile":497},"2026-01-16",0.29105,{"date":499,"score":305,"percentile":500},"2026-01-17",0.29103,{"date":502,"score":305,"percentile":503},"2026-01-18",0.29053,{"date":505,"score":305,"percentile":506},"2026-01-19",0.29017,{"date":508,"score":305,"percentile":509},"2026-01-20",0.29002,{"date":511,"score":305,"percentile":512},"2026-01-21",0.28942,{"date":514,"score":305,"percentile":515},"2026-01-22",0.28912,{"date":517,"score":305,"percentile":518},"2026-01-23",0.28985,{"date":520,"score":305,"percentile":521},"2026-01-24",0.28975,{"date":523,"score":305,"percentile":524},"2026-01-25",0.28898,{"date":526,"score":305,"percentile":527},"2026-01-26",0.28812,{"date":529,"score":305,"percentile":530},"2026-01-27",0.28796,{"date":532,"score":305,"percentile":533},"2026-01-28",0.28776,{"date":535,"score":305,"percentile":536},"2026-01-29",0.28732,{"date":538,"score":305,"percentile":539},"2026-01-30",0.28718,{"date":541,"score":305,"percentile":542},"2026-01-31",0.28719,{"date":544,"score":305,"percentile":545},"2026-02-01",0.28786,[547,552],{"source":241,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":548,"cvss_v4_0":9},{"baseScore":239,"baseSeverity":549,"vectorString":242,"impactScore":550,"exploitabilityScore":551},"HIGH",9.8,4.6,{"source":247,"cvss_v2_0":553,"cvss_v3_0":9,"cvss_v3_1":558,"cvss_v4_0":9},{"baseScore":554,"baseSeverity":9,"vectorString":555,"impactScore":556,"exploitabilityScore":557},7.2,"AV:L/AC:L/Au:N/C:C/I:C/A:C",10,3.9,{"baseScore":239,"baseSeverity":549,"vectorString":242,"impactScore":550,"exploitabilityScore":551},[560,573,579],{"ecosystem":9,"name":561,"vendor":562,"product":563,"cpe_part":564,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":565},"ubuntu linux","canonical","ubuntu_linux","o",[566,569,571],{"version":567,"is_range":203,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"version":570,"is_range":203,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":572,"is_range":203,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"ecosystem":9,"name":574,"vendor":575,"product":574,"cpe_part":564,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":576},"leap","opensuse",[577],{"version":578,"is_range":203,"range_type":568,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":580,"vendor":581,"product":580,"cpe_part":582,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":583},"systemd","systemd_project","a",[584],{"version":585,"is_range":586,"range_type":568,"version_start":9,"version_start_type":9,"version_end":587,"version_end_type":588,"fixed_in":9},"lte237",true,"237","including"]