
CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption

CVE-2020-1723
https://notcve.org/view.php?id=CVE-2020-1723
28 Jan 2021 — A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0 • https://bugzilla.redhat.com/show_bug.cgi?id=1770276 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2017-7552 – RHMAP Millicore IDE allows RCE on SCM
https://notcve.org/view.php?id=CVE-2017-7552
18 Sep 2017 — A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users' or teams' projects stored in the source control management of the RHMAP Core installation. • https://access.redhat.com/errata/RHSA-2017:2674

CVE-2017-7553 – RHMAP: SSRF via external_request feature of App Studio
https://notcve.org/view.php?id=CVE-2017-7553
18 Sep 2017 — The external_request API call in App Studio (millicore) allows server-side request forgery (SSRF). An attacker could use this flaw to probe the network's internal resources and access restricted endpoints. • https://access.redhat.com/errata/RHSA-2017:2674 • CWE-918: Server-Side Request Forgery (SSRF)