Skip to main content
CVE-2013-0634 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.3%.

Google Denial Of Service Buffer Overflow Adobe Microsoft +2
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
90.3%
Threat
6.1
CVE-2013-0633 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 58.9%.

Google Buffer Overflow Adobe Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
58.9%
Threat
5.1
CVE-2012-2686 MEDIUM POC THREAT This Month

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 63.1%.

OpenSSL Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
63.1%
Threat
4.4
CVE-2013-1465 CRITICAL POC PATCH THREAT Act Now

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

PHP Deserialization Cubecart
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
31.0%
Threat
4.4
CVE-2013-0189 MEDIUM PATCH This Month

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 69.7%.

Buffer Overflow Denial Of Service Squid Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
69.7%
CVE-2013-1638 CRITICAL POC THREAT Emergency

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.4%.

Code Injection RCE Opera Browser
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
25.4%
Threat
4.1
CVE-2012-4700 CRITICAL PATCH Act Now

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.8%.

Buffer Overflow RCE Integraxor
NVD
CVSS 2.0
9.3
EPSS
10.8%
CVE-2013-0170 MEDIUM PATCH This Month

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.2%.

RCE Denial Of Service Memory Corruption Use After Free Libvirt +10
NVD
CVSS 2.0
6.8
EPSS
20.2%
CVE-2013-1637 CRITICAL Act Now

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Opera Browser
NVD
CVSS 2.0
9.3
EPSS
4.6%
CVE-2013-0263 MEDIUM PATCH This Month

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 16.1%.

RCE Rack
NVD GitHub
CVSS 2.0
5.1
EPSS
16.1%
CVE-2013-1619 MEDIUM POC This Month

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.0
EPSS
1.2%
CVE-2013-0166 MEDIUM This Month

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
9.5%
CVE-2013-1639 MEDIUM This Month

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Opera Browser
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0242 MEDIUM PATCH This Month

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Glibc
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-0262 MEDIUM PATCH This Month

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rack
NVD GitHub
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-1623 MEDIUM This Month

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1620 MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services Ubuntu Linux Enterprise Manager Ops Center +12
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1621 MEDIUM PATCH This Month

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Polarssl
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1618 MEDIUM This Month

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Opera Browser
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2013-1624 MEDIUM PATCH This Month

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Java Information Disclosure Bc Java Legion Of The Bouncy Castle C Cryptography Api
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-0169 LOW Monitor

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Openjdk Polarssl
NVD
CVSS 2.0
2.6
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy