CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 15CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 97%CPEs: 398EXPL: 406CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3466
https://notcve.org/view.php?id=CVE-2013-3466
29 Aug 2013 — The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidad... • http://osvdb.org/96668 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-0105
https://notcve.org/view.php?id=CVE-2007-0105
09 Jan 2007 — Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Desbordamiento de búfer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante una petición HTTP GET manipulada. • http://secunia.com/advisories/23629 •
CVSS: 10.0EPSS: 21%CPEs: 15EXPL: 0CVE-2006-4098
https://notcve.org/view.php?id=CVE-2006-4098
31 Dec 2006 — Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. Desbordamiento de búfer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante un paquete de petició... • http://osvdb.org/36126 •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2006-4097
https://notcve.org/view.php?id=CVE-2006-4097
31 Dec 2006 — Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. Múltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Wind... • http://osvdb.org/36125 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2006-3226
https://notcve.org/view.php?id=CVE-2006-3226
26 Jun 2006 — Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." Cisco Secure Access Control Server (ACS) v4.x para Windows usa la dirección IP de cliente y el número de puerto del servidor para otorgar acceso al puerto HTTP server para una sesión de administración, ... • http://secunia.com/advisories/20816 •
CVSS: 9.8EPSS: 1%CPEs: 156EXPL: 0CVE-2005-4499
https://notcve.org/view.php?id=CVE-2005-4499
22 Dec 2005 — The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 •
CVSS: 7.5EPSS: 86%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •