CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3148 – Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2020-3148
04 Mar 2020 — A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to chang... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1840 – Cisco Prime Network Registrar Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1840
18 Apr 2019 — A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the ... • http://www.securityfocus.com/bid/108033 • CWE-665: Improper Initialization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3394
https://notcve.org/view.php?id=CVE-2013-3394
27 Nov 2013 — Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429. Vulnerabilidad de XSS en la interfaz web de Cisco Prime Network Registrar 8.1 y anteriores versiones permite a atacantes remotos inyectar script web o HTML arbitrario a través de campos manipulados, también conocido como Bug ID CSCuh41429. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •