CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 421CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 80%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1322
https://notcve.org/view.php?id=CVE-2004-1322
15 Dec 2004 — Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. • http://www.ciac.org/ciac/bulletins/p-060.shtml •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2002-1190
https://notcve.org/view.php?id=CVE-2002-1190
15 Oct 2002 — Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. • http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2002-1189
https://notcve.org/view.php?id=CVE-2002-1189
11 Oct 2002 — The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. La configuración por defecto de Cisco Unity 2.x y 3.x no bloquea llamadas internacioneles con operados, lo que podría permitir a usuarios autenticados hacer llamadas internacionales usando desvío (forwarding) de llamadas. • http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml •