CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1137
https://notcve.org/view.php?id=CVE-2013-1137
27 Feb 2013 — Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930. Cisco Unified Presence Server (CUPS) v8.6, v9.0 y v9.1 antes de v9.1.1 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de paquetes diseñados al puerto SIP TCP, conocido como Bug ID CSCua89930. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •