VYPR
Vendor

Linuxdeepin

Products
9
CVEs
11
Across products
13
Status
Private

Products

9

Recent CVEs

11
  • CVE-2016-15045HigJul 23, 2025
    risk 0.58cvss epss 0.00

    A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user…

  • CVE-2017-7622HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.01

    dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a…

  • CVE-2025-23222HigJan 24, 2025
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can access D-Bus services as root. Specifically, dde-api-proxy runs as root and forwards messages from arbitrary local users to legacy D-Bus methods in the actual D-Bus services, and the…

  • CVE-2023-50700HigJul 26, 2024
    risk 0.51cvss 7.8epss 0.00

    Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.

  • CVE-2026-35207MedApr 9, 2026
    risk 0.28cvss 5.4epss 0.00

    dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the…

  • CVE-2023-50255Dec 27, 2023
    risk 0.00cvss epss 0.01

    Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to…

  • CVE-2023-50254Dec 22, 2023
    risk 0.00cvss epss 0.02

    Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution…

  • CVE-2019-13229Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system…

  • CVE-2019-13228Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content…

  • CVE-2019-13227Jul 4, 2019
    risk 0.00cvss epss 0.00

    In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not…

  • CVE-2019-13226Jul 4, 2019
    risk 0.00cvss epss 0.00

    deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted…