CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 17%CPEs: 6EXPL: 2CVE-2009-0244
https://notcve.org/view.php?id=CVE-2009-0244
21 Jan 2009 — Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en el Servicio OBEX FTP en la pila de Microsoft Blue... • http://secunia.com/advisories/33598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5460
https://notcve.org/view.php?id=CVE-2007-5460
15 Oct 2007 — Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process. Microsoft ActiveSync versión 4.1, como es usado en Windows Mobile versión 5.0, utiliza un cifrado débil (ofuscación XOR con una clave fija) cuando se envía el PIN y Contraseña del u... • http://osvdb.org/38499 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3362
https://notcve.org/view.php?id=CVE-2007-3362
22 Jun 2007 — ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. ageet AGEphone versiones anteriores a 1.6.2, corriendo en Windows Mobile 5 en dispositivo HTC HyTN Pocket PC, permite a atacantes remotos (1) pr... • http://osvdb.org/37729 •
CVSS: 7.8EPSS: 30%CPEs: 1EXPL: 0CVE-2007-0878
https://notcve.org/view.php?id=CVE-2007-0878
12 Feb 2007 — Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. Vulnerabilidad no especificada en Microsoft Internet Explorer en Windows Mobile 5.0 permite a atacantes remotos provocar una denegación de servicio (pérdida del navegador y otras funcionalidades del disposit... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052293.html •
CVSS: 7.1EPSS: 34%CPEs: 4EXPL: 0CVE-2007-0674
https://notcve.org/view.php?id=CVE-2007-0674
03 Feb 2007 — Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. Imágenes y Videos en el Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (cuelgue del dispositivo) mediante un fichero JPEG mal formado. • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 0CVE-2007-0685
https://notcve.org/view.php?id=CVE-2007-0685
03 Feb 2007 — Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. Internet Explorer en Windows Mobile 5.0 y Windows Mobile 2003 y 2003SE para Smartphones y PocketPC permite a atacantes remotos provocar una denegación de servicio (caída de aplicación e inestabilidad de dispositivo) mediante vectores desconocidos, posible... • http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws •