CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6780
https://notcve.org/view.php?id=CVE-2017-6780
07 Sep 2017 — A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to c... • http://www.securityfocus.com/bid/100641 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6362
https://notcve.org/view.php?id=CVE-2015-6362
10 Nov 2015 — The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. La web GUI en Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) y 3.0(0.54) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y modificar la configuración mediante el aprovechamiento del rol Monitor-Only... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1163
https://notcve.org/view.php?id=CVE-2013-1163
01 Apr 2013 — Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. Múltiples vulnerabilidades de inyección SQL en la implementación device-management en Cisco Connected Grid Network Management System (CG-NMS) permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. Aka Bug IDs CSCue14553... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1171
https://notcve.org/view.php?id=CVE-2013-1171
01 Apr 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540. Múltiples vulnerabilidades de XSS en la implementación element-list en Cisco Connected Grid Network Management System (CG-NMS) permite a atacan... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •