
CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption

CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation • CWE-502: Deserialization of Untrusted Data

CVE-2020-25710 – openldap: assertion failure in CSN normalization with invalid input
https://notcve.org/view.php?id=CVE-2020-25710
28 Nov 2020 — A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1899678 • CWE-617: Reachable Assertion

CVE-2012-5626
https://notcve.org/view.php?id=CVE-2012-5626
23 Jan 2020 — EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. • https://access.redhat.com/security/cve/cve-2012-5626

CVE-2019-19906 – cyrus-sasl: denial of service in _sasl_add_string function
https://notcve.org/view.php?id=CVE-2019-19906
19 Dec 2019 — cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. • http://seclists.org/fulldisclosure/2020/Jul/23 • CWE-193: Off-by-one Error • CWE-400: Uncontrolled Resource Consumption • CWE-787: Out-of-bounds Write

CVE-2014-3701
https://notcve.org/view.php?id=CVE-2014-3701
15 Dec 2019 — eDeploy has tmp file race condition flaws. • https://access.redhat.com/security/cve/cve-2014-3701 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2014-3699
https://notcve.org/view.php?id=CVE-2014-3699
15 Dec 2019 — eDeploy has RCE via cPickle deserialization of untrusted data. • https://access.redhat.com/security/cve/cve-2014-3699 • CWE-502: Deserialization of Untrusted Data

CVE-2012-2148
https://notcve.org/view.php?id=CVE-2012-2148
06 Dec 2019 — The property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies. • https://access.redhat.com/security/cve/cve-2012-2148 • CWE-269: Improper Privilege Management

CVE-2014-3700
https://notcve.org/view.php?id=CVE-2014-3700
21 Nov 2019 — eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3700 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2014-3655
https://notcve.org/view.php?id=CVE-2014-3655
13 Nov 2019 — JBoss KeyCloak is vulnerable to soft token deletion via CSRF. • https://access.redhat.com/security/cve/cve-2014-3655 • CWE-352: Cross-Site Request Forgery (CSRF)