| Max CVSS | Min CVSS | Total Count |
|---|---|---|
| 8.5 | 2.6 | 2 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
|  |  | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, | 09-10-2019 - 23:06 | 08-02-2013 - 19:55 |
|  |  | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi | 09-08-2018 - 01:29 | 08-02-2013 - 19:55 |
|  |  | The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 18.104.22.168-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. | 19-09-2017 - 01:36 | 06-07-2013 - 13:57 |
|  |  | The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 22.214.171.124-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. | 19-09-2017 - 01:36 | 21-06-2013 - 14:55 |
|  |  | Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 126.96.36.199-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat. | 19-09-2017 - 01:36 | 18-07-2013 - 16:51 |
|  |  | Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. | 19-09-2017 - 01:36 | 04-10-2013 - 10:44 |
|  |  | The FTP client in IBM AIX 6.1 and 7.1, and VIOS 188.8.131.52-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa | 19-09-2017 - 01:35 | 20-10-2012 - 10:41 |
|  |  | ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. | 19-09-2017 - 01:35 | 10-10-2012 - 21:55 |
|  |  | Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. | 19-09-2017 - 01:34 | 13-01-2012 - 18:55 |
|  |  | The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi | 19-09-2017 - 01:31 | 07-03-2013 - 20:55 |