Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2010-3299

    The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

    Affected Products : debian_linux rails
    • EPSS Score: 0.22%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3293

    mailscanner can allow local users to prevent virus signatures from being updated...

    Affected Products : mailscanner
    • EPSS Score: 0.06%
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3292

    The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whi...

    Affected Products : mailscanner
    • EPSS Score: 0.03%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 3.3

    LOW
    CVE-2010-3282

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, w...

    • EPSS Score: 0.05%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 4.7

    MEDIUM
    CVE-2010-3095

    mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.

    Affected Products : mailscanner
    • EPSS Score: 0.07%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-3048

    Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.

    Affected Products : unified_personal_communicator
    • EPSS Score: 0.66%
    • Published: Jan. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2010-2783

    IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

    Affected Products : icedtea6
    • EPSS Score: 0.45%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2010-2548

    IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

    Affected Products : icedtea6
    • EPSS Score: 0.26%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-2525

    A flaw was discovered in the gfs2 file system's handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

    Affected Products : linux_kernel
    • EPSS Score: 0.14%
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-2496

    stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer...

    Affected Products : pacemaker cluster_glue
    • EPSS Score: 0.04%
    • Published: Oct. 18, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-2490

    Mumble: murmur-server has DoS due to malformed client query...

    Affected Products : debian_linux mumble
    • EPSS Score: 0.50%
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-2488

    NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

    Affected Products : znc
    • EPSS Score: 1.31%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2476

    syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.

    Affected Products : syscp
    • EPSS Score: 0.53%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-2473

    Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

    Affected Products : drupal
    • EPSS Score: 0.28%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2010-2472

    Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting...

    Affected Products : drupal
    • EPSS Score: 0.44%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-2471

    Drupal versions 5.x and 6.x have open redirection...

    Affected Products : debian_linux drupal
    • EPSS Score: 0.48%
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-2450

    The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so t...

    Affected Products : debian_linux service_provider
    • EPSS Score: 0.16%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-2449

    Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

    Affected Products : gource
    • EPSS Score: 0.56%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2447

    gitolite before 1.4.1 does not filter src/ or hooks/ from path names.

    Affected Products : gitolite
    • EPSS Score: 0.51%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2446

    Rbot Reaction plugin allows command execution...

    Affected Products : rbot
    • EPSS Score: 0.78%
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024