CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.7EPSS: 0%CPEs: 11EXPL: 0CVE-2018-0414 – Cisco Secure Access Control Server XML External Entity Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-0414
05 Oct 2018 — A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Una vulnerabilidad en la interfaz web de usuario de Cisco Secure Access Control Server podría... • http://www.securityfocus.com/bid/105289 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0207
https://notcve.org/view.php?id=CVE-2018-0207
08 Mar 2018 — A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595. Una vulnerabilidad en la i... • http://www.securityfocus.com/bid/103343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0218
https://notcve.org/view.php?id=CVE-2018-0218
08 Mar 2018 — A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616. Una vulnerabilidad en la i... • http://www.securityfocus.com/bid/103345 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0700
https://notcve.org/view.php?id=CVE-2015-0700
17 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. Vulnerabilidad de CSRF en la página Dashboard en la sección de monitorización y informes en Cisco Secure Access Control Server Solution Engine anterior a 5.5(0.46.5) permite a atacantes remotos secuestrar la autenticación de usuarios ar... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38403 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3380
https://notcve.org/view.php?id=CVE-2013-3380
12 Jun 2013 — The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. La interfaz Web de administración en el Access Control Server en Cisco Secure Access Control System (ACS) no restringe correctamente la página de vista de informe, permitiendo a los usuarios autenticados remotos obtener información sensible... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 79%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2004-1458
https://notcve.org/view.php?id=CVE-2004-1458
31 Dec 2004 — The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. • http://osvdb.org/9182 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2004-1459
https://notcve.org/view.php?id=CVE-2004-1459
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1460
https://notcve.org/view.php?id=CVE-2004-1460
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •