Skip to main content
CVE-2012-2686 MEDIUM POC THREAT This Month

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 63.1%.

OpenSSL Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
63.1%
Threat
4.4
CVE-2013-0189 MEDIUM PATCH This Month

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 69.7%.

Buffer Overflow Denial Of Service Squid Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
69.7%
CVE-2013-0170 MEDIUM PATCH This Month

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 20.2%.

RCE Denial Of Service Memory Corruption Use After Free Libvirt +10
NVD
CVSS 2.0
6.8
EPSS
20.2%
CVE-2013-0263 MEDIUM PATCH This Month

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 16.1%.

RCE Rack
NVD GitHub
CVSS 2.0
5.1
EPSS
16.1%
CVE-2013-1619 MEDIUM POC This Month

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gnutls
NVD
CVSS 2.0
4.0
EPSS
1.2%
CVE-2013-0166 MEDIUM This Month

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
9.5%
CVE-2013-1639 MEDIUM This Month

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Opera Browser
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0242 MEDIUM PATCH This Month

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Glibc
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-0262 MEDIUM PATCH This Month

rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rack
NVD GitHub
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-1623 MEDIUM This Month

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyassl
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1620 MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services Ubuntu Linux Enterprise Manager Ops Center +12
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1621 MEDIUM PATCH This Month

Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Polarssl
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1618 MEDIUM This Month

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Opera Browser
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2013-1624 MEDIUM PATCH This Month

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Java Information Disclosure Bc Java Legion Of The Bouncy Castle C Cryptography Api
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy