CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 11%CPEs: 101EXPL: 1CVE-2017-0247
https://notcve.org/view.php?id=CVE-2017-0247
12 May 2017 — A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Se presenta una vulnerabilidad ... • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 101EXPL: 0CVE-2017-0249
https://notcve.org/view.php?id=CVE-2017-0249
12 May 2017 — An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 4%CPEs: 101EXPL: 0CVE-2017-0256
https://notcve.org/view.php?id=CVE-2017-0256
12 May 2017 — A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •