Latest CVE Feed
-
5.5
MEDIUM
CVE-2010-2496
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer...
- EPSS Score: %0.04
- Published: Oct. 18, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
- EPSS Score: %0.50
- Published: Oct. 31, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2010-2488
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.
- Affected Products: znc
- EPSS Score: %1.31
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2010-2476
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
- Affected Products: syscp
- EPSS Score: %0.53
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2010-2473
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
- Affected Products: drupal
- EPSS Score: %0.28
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
4.8
MEDIUM
CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting...
- Affected Products: drupal
- EPSS Score: %0.44
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
- EPSS Score: %0.48
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so t...
- EPSS Score: %0.16
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
6.5
MEDIUM
CVE-2010-2449
Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.
- Affected Products: gource
- EPSS Score: %0.56
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2010-2447
gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
- Affected Products: gitolite
- EPSS Score: %0.51
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
- EPSS Score: %0.78
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2010-2250
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
- Affected Products: drupal
- EPSS Score: %0.44
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2010-2247
makepasswd 1.10 default settings generate insecure passwords...
- Affected Products: makepasswd
- EPSS Score: %0.47
- Published: Nov. 06, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2010-2243
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
- Affected Products: linux_kernel
- EPSS Score: %0.79
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2010-2222
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.
- EPSS Score: %0.44
- Published: Nov. 05, 2019
- Modified: Nov. 21, 2024
-
7.1
HIGH
CVE-2010-2064
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
- Affected Products: rpcbind
- EPSS Score: %0.07
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
7.8
HIGH
CVE-2010-2061
rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.
- Affected Products: rpcbind
- EPSS Score: %0.06
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGH
CVE-2010-1678
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.
- Affected Products: mapserver
- EPSS Score: %0.68
- Published: Oct. 29, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM
CVE-2010-1673
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
- Affected Products: ikiwiki
- EPSS Score: %0.33
- Published: Oct. 30, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2010-1435
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector.
- Affected Products: joomla\!
- EPSS Score: %0.01
- Published: Jun. 21, 2021
- Modified: Nov. 21, 2024