| 0 |
|
| 1 |
| url |
VCID-32p9-e481-ayh7 |
| vulnerability_id |
VCID-32p9-e481-ayh7 |
| summary |
The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2060 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.79295 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.79321 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.79327 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01207 |
| scoring_system |
epss |
| scoring_elements |
0.79319 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2060 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2060
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-32p9-e481-ayh7 |
|
| 2 |
|
| 3 |
| url |
VCID-b757-b3zk-c7d8 |
| vulnerability_id |
VCID-b757-b3zk-c7d8 |
| summary |
OUSPG researcher Aki Helin reported a buffer
overflow in Mozilla graphics code which consumes image data processed
by libpng. A malformed PNG file could be created which would cause
libpng to incorrectly report the size of the image to downstream
consumers. When the dimensions of such images are underreported, the
Mozilla code responsible for displaying the graphic will allocate too
small a memory buffer to contain the image data and will wind up
writing data past the end of the buffer. This could result in the
execution of attacker-controlled memory. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-1205
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b757-b3zk-c7d8 |
|
| 4 |
| url |
VCID-cg7m-wj97-8bbm |
| vulnerability_id |
VCID-cg7m-wj97-8bbm |
| summary |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0946 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.16376 |
| scoring_system |
epss |
| scoring_elements |
0.94984 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.16376 |
| scoring_system |
epss |
| scoring_elements |
0.94992 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.16376 |
| scoring_system |
epss |
| scoring_elements |
0.94993 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.16376 |
| scoring_system |
epss |
| scoring_elements |
0.94996 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0946 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0946
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cg7m-wj97-8bbm |
|
| 5 |
|
| 6 |
|
| 7 |
| url |
VCID-crrp-38db-67ez |
| vulnerability_id |
VCID-crrp-38db-67ez |
| summary |
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00121 |
| scoring_system |
epss |
| scoring_elements |
0.30649 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00121 |
| scoring_system |
epss |
| scoring_elements |
0.30722 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00121 |
| scoring_system |
epss |
| scoring_elements |
0.30689 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00121 |
| scoring_system |
epss |
| scoring_elements |
0.30656 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-3736 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3736
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-crrp-38db-67ez |
|
| 8 |
| url |
VCID-d41u-1jzs-1kht |
| vulnerability_id |
VCID-d41u-1jzs-1kht |
| summary |
The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2945 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14243 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14314 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14316 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.14281 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2945 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2945
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d41u-1jzs-1kht |
|
| 9 |
|
| 10 |
| url |
VCID-fayh-3pv7-4yg3 |
| vulnerability_id |
VCID-fayh-3pv7-4yg3 |
| summary |
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4896 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01589 |
| scoring_system |
epss |
| scoring_elements |
0.81965 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.01589 |
| scoring_system |
epss |
| scoring_elements |
0.81998 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.01589 |
| scoring_system |
epss |
| scoring_elements |
0.81999 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.01589 |
| scoring_system |
epss |
| scoring_elements |
0.82 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4896 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4896
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fayh-3pv7-4yg3 |
|
| 11 |
|
| 12 |
|
| 13 |
| url |
VCID-g7dr-zw6q-4qbn |
| vulnerability_id |
VCID-g7dr-zw6q-4qbn |
| summary |
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2529 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72743 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72781 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72789 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72771 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2529 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2529
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g7dr-zw6q-4qbn |
|
| 14 |
|
| 15 |
| url |
VCID-kd8u-szc8-6kc9 |
| vulnerability_id |
VCID-kd8u-szc8-6kc9 |
| summary |
gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0732 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12748 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12831 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12836 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12797 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0732 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0732
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kd8u-szc8-6kc9 |
|
| 16 |
| url |
VCID-kz5j-ywnn-6bh6 |
| vulnerability_id |
VCID-kz5j-ywnn-6bh6 |
| summary |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0361 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21568 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21647 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21633 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0007 |
| scoring_system |
epss |
| scoring_elements |
0.21588 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0361 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0361
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kz5j-ywnn-6bh6 |
|
| 17 |
| url |
VCID-nvaf-cdp6-tuev |
| vulnerability_id |
VCID-nvaf-cdp6-tuev |
| summary |
Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0829 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0504 |
| scoring_system |
epss |
| scoring_elements |
0.89927 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0504 |
| scoring_system |
epss |
| scoring_elements |
0.89943 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0504 |
| scoring_system |
epss |
| scoring_elements |
0.89944 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0504 |
| scoring_system |
epss |
| scoring_elements |
0.89941 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0829 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0829
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nvaf-cdp6-tuev |
|
| 18 |
|
| 19 |
| url |
VCID-qfdj-kxdb-3bhk |
| vulnerability_id |
VCID-qfdj-kxdb-3bhk |
| summary |
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0360 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48493 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48556 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48564 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0025 |
| scoring_system |
epss |
| scoring_elements |
0.48545 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0360 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0360
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qfdj-kxdb-3bhk |
|
| 20 |
| url |
VCID-qqyn-7ve8-g3cx |
| vulnerability_id |
VCID-qqyn-7ve8-g3cx |
| summary |
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4411 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.20995 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21069 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.21055 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00068 |
| scoring_system |
epss |
| scoring_elements |
0.2101 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4411 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4411
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qqyn-7ve8-g3cx |
|
| 21 |
| url |
VCID-s8bc-fcx6-tuae |
| vulnerability_id |
VCID-s8bc-fcx6-tuae |
| summary |
Google security researcher Tavis Ormandy reported
several memory safety hazards to the libpng project, an
external library used by Mozilla to render PNG images. These vulnerabilities
could be used by a malicious website to crash a victim's browser and
potentially execute arbitrary code on their computer. libpng
was upgraded to version 1.2.35 which containis fixes for these flaws. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0040 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.08276 |
| scoring_system |
epss |
| scoring_elements |
0.92386 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.08276 |
| scoring_system |
epss |
| scoring_elements |
0.92399 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.08276 |
| scoring_system |
epss |
| scoring_elements |
0.92395 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.08276 |
| scoring_system |
epss |
| scoring_elements |
0.9239 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0040 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0040
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s8bc-fcx6-tuae |
|
| 22 |
| url |
VCID-shqg-s8xy-skae |
| vulnerability_id |
VCID-shqg-s8xy-skae |
| summary |
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-0553
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-shqg-s8xy-skae |
|
| 23 |
|
| 24 |
| url |
VCID-u3sv-pcka-gfea |
| vulnerability_id |
VCID-u3sv-pcka-gfea |
| summary |
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0001
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u3sv-pcka-gfea |
|
| 25 |
| url |
VCID-v1cr-g77p-gyfs |
| vulnerability_id |
VCID-v1cr-g77p-gyfs |
| summary |
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2192 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.10222 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.10267 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.10287 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.10246 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2192 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2192
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v1cr-g77p-gyfs |
|
| 26 |
| url |
VCID-vg3a-h2pv-xqab |
| vulnerability_id |
VCID-vg3a-h2pv-xqab |
| summary |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2624 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.07318 |
| scoring_system |
epss |
| scoring_elements |
0.91824 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.07318 |
| scoring_system |
epss |
| scoring_elements |
0.91837 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.07318 |
| scoring_system |
epss |
| scoring_elements |
0.91838 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.07318 |
| scoring_system |
epss |
| scoring_elements |
0.91835 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-2624 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-2624
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vg3a-h2pv-xqab |
|
| 27 |
| url |
VCID-vgx8-s773-a3be |
| vulnerability_id |
VCID-vgx8-s773-a3be |
| summary |
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0054 |
| scoring_system |
epss |
| scoring_elements |
0.6797 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.0054 |
| scoring_system |
epss |
| scoring_elements |
0.6801 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.0054 |
| scoring_system |
epss |
| scoring_elements |
0.68018 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.0054 |
| scoring_system |
epss |
| scoring_elements |
0.68007 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3005 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-3005
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgx8-s773-a3be |
|
| 28 |
|
| 29 |
| url |
VCID-ycwr-5r6q-7yht |
| vulnerability_id |
VCID-ycwr-5r6q-7yht |
| summary |
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2251 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02416 |
| scoring_system |
epss |
| scoring_elements |
0.8539 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.02416 |
| scoring_system |
epss |
| scoring_elements |
0.85414 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.02416 |
| scoring_system |
epss |
| scoring_elements |
0.85418 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.02416 |
| scoring_system |
epss |
| scoring_elements |
0.85413 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-2251 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2251
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ycwr-5r6q-7yht |
|
| 30 |
| url |
VCID-z2sy-q9qr-1uh2 |
| vulnerability_id |
VCID-z2sy-q9qr-1uh2 |
| summary |
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4029 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72747 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72786 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72793 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00716 |
| scoring_system |
epss |
| scoring_elements |
0.72776 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4029 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4029
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z2sy-q9qr-1uh2 |
|