{"url":"http://public2.vulnerablecode.io/api/packages/91692?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.12-20?distro=trixie","type":"deb","namespace":"debian","name":"cluster-glue","version":"1.0.12-20","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.0.12-21","latest_non_vulnerable_version":"1.0.12-25","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65226?format=json","vulnerability_id":"VCID-qxv3-cktn-87d8","summary":"stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2496.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2496","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12757","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12718","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12637","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12668","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2496"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974363","reference_id":"1974363","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974363"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91691?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91692?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.12-20?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.12-20%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91690?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.12-21?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.12-21%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91694?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.12-24?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.12-24%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/91693?format=json","purl":"pkg:deb/debian/cluster-glue@1.0.12-25?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.12-25%3Fdistro=trixie"}],"aliases":["CVE-2010-2496"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxv3-cktn-87d8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cluster-glue@1.0.12-20%3Fdistro=trixie"}