Skip to main content
CVE-2013-2061 LOW POC PATCH Monitor

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Openvpn Openvpn Access Server Opensuse
NVD GitHub
CVSS 2.0
2.6
EPSS
1.5%
CVE-2013-5425 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Virtual Enterprise
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5418 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5414 LOW Monitor

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4425 LOW Monitor

The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to. Rated low severity (CVSS 1.9). No vendor patch available.

Authentication Bypass Osirix Osirix Md
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy