CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 20CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 7%CPEs: 4EXPL: 0CVE-2022-44702 – Windows Terminal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-44702
13 Dec 2022 — Windows Terminal Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en terminal de Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44702 •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2007-2593
https://notcve.org/view.php?id=CVE-2007-2593
11 May 2007 — The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006. El Terminal Server del Microsoft Windows 2003 Server, cuando utiliza TLS, permite a atacantes remotos evi... • http://osvdb.org/36146 •
CVSS: 10.0EPSS: 26%CPEs: 1EXPL: 1CVE-2006-4465
https://notcve.org/view.php?id=CVE-2006-4465
31 Aug 2006 — Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code ** IMPUGNADA ** Microsoft Terminal Server, al ejecutar una sesión de aplicación con las opciones "Ejec... • http://securityreason.com/securityalert/1486 •
CVSS: 9.8EPSS: 34%CPEs: 49EXPL: 0CVE-2005-1212
https://notcve.org/view.php?id=CVE-2005-1212
14 Jun 2005 — Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. El desbordamiento de búfer en Microsoft Step-by-Step Interactive Training (orun32.exe) permite a los atacantes remotos ejecutar código arbitrario a través de un archivo de enlace de marcadores (extensión.cbo, cbl o.cbm) con un campo de usuario largo. • http://idefense.com/application/poi/display?id=262&type=vulnerabilities&flashstatus=true •
CVSS: 8.1EPSS: 24%CPEs: 49EXPL: 0CVE-2005-1214
https://notcve.org/view.php?id=CVE-2005-1214
14 Jun 2005 — Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. Microsoft Agent permite a los atacantes remotos falsificar contenido de Internet de confianza y ejecutar código arbitrario disfrazando las indicaciones de seguridad en una página web maliciosa. • http://secunia.com/advisories/15689 •
CVSS: 7.4EPSS: 9%CPEs: 2EXPL: 1CVE-2005-1794
https://notcve.org/view.php?id=CVE-2005-1794
01 Jun 2005 — Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. • https://github.com/InitRoot/CVE-2005-1794Scanner •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 3CVE-2003-0496 – Microsoft Windows Server 2000 - CreateFile API Named Pipe Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0496
10 Jul 2003 — Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. Microsoft Windows 2000 pre-SP4 no maneja adecuadamente tuberias con nombre (named pipes) a través de la API CreateFile, de forma que usuarios locales pueden ganar privilegios llamando al procedimiento almacenado extendidoxp_fileexist de SQL Server con un nombre de tubería como argumento en ve... • https://www.exploit-db.com/exploits/22882 •
CVSS: 7.8EPSS: 2%CPEs: 45EXPL: 0CVE-2003-0112
https://notcve.org/view.php?id=CVE-2003-0112
26 Apr 2003 — Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. Desbordamiento de búfer en el Kernel de Windows permite a usuarios locales ganar privilegios haciendo que ciertos mensajes de error sean pasados a un depurador. • http://www.kb.cert.org/vuls/id/446338 •
CVSS: 9.8EPSS: 26%CPEs: 11EXPL: 1CVE-2003-0111 – Microsoft Java Virtual Machine 3802 Series - Bytecode Verifier
https://notcve.org/view.php?id=CVE-2003-0111
15 Apr 2003 — The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." El componente Verificador de ByteCode de la Máquina Virtual (VW) de Microsoft compilación 5.0.3809 y anteriores, usada en en Windows y en Internet Explorer, permite a atacantes remotos eludir comprobaciones de s... • https://www.exploit-db.com/exploits/22027 •