CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2018-0253
https://notcve.org/view.php?id=CVE-2018-0253
02 May 2018 — A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successfu... • http://www.securityfocus.com/bid/104075 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 19%CPEs: 1EXPL: 0CVE-2018-0147 – Cisco Secure Access Control System Java Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2018-0147
08 Mar 2018 — A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privilege... • http://www.securityfocus.com/bid/103328 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12354
https://notcve.org/view.php?id=CVE-2017-12354
30 Nov 2017 — A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interf... • http://www.securityfocus.com/bid/101986 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6769
https://notcve.org/view.php?id=CVE-2017-6769
07 Aug 2017 — A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5). Una vulnerabilidad en la interfaz de gestión web de Cisco Secure Access Control System (ACS) podría permitir que un atacante remoto autenticado lleve a cabo un ataque de Cross-... • http://www.securityfocus.com/bid/99985 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3838
https://notcve.org/view.php?id=CVE-2017-3838
22 Feb 2017 — A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS basado en DOM contra el usuario de la interfaz web del sistema afectado. M... • http://www.securityfocus.com/bid/96234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3839
https://notcve.org/view.php?id=CVE-2017-3839
22 Feb 2017 — An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). Una vulnerabilidad XML External Entity en la interfaz de usuario basada en web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado tener acceso de lectura a par... • http://www.securityfocus.com/bid/96236 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3840
https://notcve.org/view.php?id=CVE-2017-3840
22 Feb 2017 — A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa, también conocido como una Open Redirect Vulnerabi... • http://www.securityfocus.com/bid/96238 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3841
https://notcve.org/view.php?id=CVE-2017-3841
22 Feb 2017 — A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado revelar información sensible. Más Información: CSCvc04854. • http://www.securityfocus.com/bid/96237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •