CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2011-0189
https://notcve.org/view.php?id=CVE-2011-0189
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. La configuración por defecto de Terminal en Apple Mac OS X v10.6 antes de v10.6.7 utiliza el protocolo SSH versión 1 dentro del cuadro de diálogo Nueva Conexión Remota, lo que podría hacer más fácil para los atacantes "man-in-the-middle" falsificar servidores SSH mediante el aprovechamiento de las vulnerabilidades del protocolo. • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 • CWE-16: Configuration •
CVSS: 5.1EPSS: 0%CPEs: 21EXPL: 1CVE-2005-1341
https://notcve.org/view.php?id=CVE-2005-1341
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://remahl.se/david/vuln/012 http://secunia.com/advisories/15227 http://securitytracker.com/id?1013882 http://www.kb.cert.org/vuls/id/994510 http://www.osvdb.org/16083 http://www.securityfocus.com/bid/13480 http://www.vupen.com/english/advisories/2005/0455 •
CVSS: 7.5EPSS: 64%CPEs: 11EXPL: 1CVE-2005-1342
https://notcve.org/view.php?id=CVE-2005-1342
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://remahl.se/david/vuln/011 http://secunia.com/advisories/15227 http://www.kb.cert.org/vuls/id/356070 http://www.osvdb.org/16084 http://www.securityfocus.com/bid/13480 http://www.us-cert.gov/cas/techalerts/TA05-136A.html http://www.vupen.com/english/advisories/2005/0455 •
CVSS: 7.2EPSS: 4%CPEs: 2EXPL: 2CVE-2002-1898 – Apple Mac OSX 10.2 - Terminal.APP Telnet Link Command Execution
https://notcve.org/view.php?id=CVE-2002-1898
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. • https://www.exploit-db.com/exploits/21815 http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172 http://lists.apple.com/archives/security-announce/2002/Sep/msg00001.html http://www.iss.net/security_center/static/10156.php http://www.securityfocus.com/bid/5768 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •