CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16025 – Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-16025
23 Sep 2020 — A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and inject... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2114
https://notcve.org/view.php?id=CVE-2014-2114
04 Apr 2014 — Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. Vulnerabilidad de XSS en UserServlet en Cisco Emergency Responder (ER) 8.6 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCun24384. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2115
https://notcve.org/view.php?id=CVE-2014-2115
04 Apr 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. Múltiples vulnerabilidades de CSRF en páginas de CERUserServlet en Cisco Emergency Responder (ER) 8.6 y anteriores permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCun24250. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2116
https://notcve.org/view.php?id=CVE-2014-2116
04 Apr 2014 — Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. Cisco Emergency Responder (ER) 8.6 y anteriores permite a atacantes remotos inyectar páginas web y modificar contenido dinámico a través de parámetros no especificados, también conocido como Bug ID CSCun37882. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2117
https://notcve.org/view.php?id=CVE-2014-2117
04 Apr 2014 — Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. Múltiples vulnerabilidades de redirección abierta en Cisco Emergency Responder (ER) 8.6 y anteriores permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de parámetros no especificados, también conocido como Bug ID ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1346
https://notcve.org/view.php?id=CVE-2012-1346
06 Aug 2012 — Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. Cisco Emergency Responder v8.6 y v9.2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) mediante el envío de paquetes malformados UDP al puerto CERPT, también conocido como Bug ID CSCtx38369. • https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 5%CPEs: 8EXPL: 0CVE-2008-1154
https://notcve.org/view.php?id=CVE-2008-1154
04 Apr 2008 — The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communicat... • http://secunia.com/advisories/29670 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 79%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 7.5EPSS: 2%CPEs: 34EXPL: 1CVE-2004-1759
https://notcve.org/view.php?id=CVE-2004-1759
21 Jan 2004 — Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. • http://secunia.com/advisories/10696 • CWE-399: Resource Management Errors •