Filtered by vendor Cisco
Subscribe
Search
Total
1504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1312 | 1 Cisco | 2 Asa 5500 Csc-ssm, Asa 5500 Csc-ssm Firmware | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. | |||||
| CVE-2016-1326 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. | |||||
| CVE-2016-1348 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | |||||
| CVE-2016-1349 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | |||||
| CVE-2016-1360 | 1 Cisco | 1 Prime Lan Management Solution | 2016-12-03 | 3.0 LOW | 7.1 HIGH |
| Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. | |||||
| CVE-2016-1362 | 1 Cisco | 1 Aireos | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747. | |||||
| CVE-2016-1325 | 1 Cisco | 3 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware, Dpc3941 Wireless Residential Voice Gateway | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. | |||||
| CVE-2016-1384 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898. | |||||
| CVE-2016-1386 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. | |||||
| CVE-2016-1389 | 1 Cisco | 1 Webex Meetings Server | 2016-12-03 | 4.3 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695. | |||||
| CVE-2016-1345 | 1 Cisco | 2 Asa With Firepower Services, Firesight System Software | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | |||||
| CVE-2015-6260 | 1 Cisco | 10 Nexus 5548p, Nexus 5548up, Nexus 5596t and 7 more | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. | |||||
| CVE-2015-6313 | 1 Cisco | 7 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 4 more | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. | |||||
| CVE-2015-6312 | 1 Cisco | 6 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 3 more | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348. | |||||
| CVE-2015-0718 | 1 Cisco | 3 Nx-os, Nx-os 1000v Switch, Unified Computing System | 2016-12-03 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | |||||
| CVE-2016-1392 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-01 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. | |||||
| CVE-2016-1410 | 1 Cisco | 1 Webex Meeting Center | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | |||||
| CVE-2016-1373 | 1 Cisco | 1 Finesse | 2016-12-01 | 5.0 MEDIUM | 8.6 HIGH |
| The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623. | |||||
| CVE-2016-1369 | 1 Cisco | 1 Asa With Firepower Services | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922. | |||||
| CVE-2016-1400 | 1 Cisco | 1 Telepresence Video Communication Server | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | |||||
| CVE-2016-1407 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576. | |||||
| CVE-2016-1404 | 1 Cisco | 1 Ucs Invicta C3124sa Appliance | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504. | |||||
| CVE-2016-1380 | 1 Cisco | 1 Web Security Appliance | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171. | |||||
| CVE-2016-1381 | 1 Cisco | 1 Web Security Appliance | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270. | |||||
| CVE-2016-1382 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance \(wsa\) | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. | |||||
| CVE-2016-1383 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance \(wsa\) | 2016-12-01 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305. | |||||
| CVE-2016-1402 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2016-11-30 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2016-1436 | 1 Cisco | 1 Asr 5000 Software | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198. | |||||
| CVE-2016-1427 | 1 Cisco | 1 Prime Network Registrar | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | |||||
| CVE-2016-6430 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2016-11-28 | 6.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). | |||||
| CVE-2016-6446 | 1 Cisco | 1 Meeting Server | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | |||||
| CVE-2016-6444 | 1 Cisco | 1 Meeting Server | 2016-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | |||||
| CVE-2016-6399 | 1 Cisco | 9 Ace 4700 Series Application Control Engine Appliance, Ace 4700 Series Application Control Engine Appliance A1, Ace 4700 Series Application Control Engine Appliance A3 and 6 more | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | |||||
| CVE-2016-6408 | 1 Cisco | 1 Prime Home | 2016-11-28 | 4.3 MEDIUM | 7.5 HIGH |
| Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. | |||||
| CVE-2016-6419 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | |||||
| CVE-2016-6377 | 1 Cisco | 1 Media Origination System Suite | 2016-11-28 | 6.8 MEDIUM | 8.1 HIGH |
| Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | |||||
| CVE-2016-6355 | 1 Cisco | 1 Ios Xr | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | |||||
| CVE-2016-1441 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.4 MEDIUM | 8.2 HIGH |
| Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. | |||||
| CVE-2016-1458 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | |||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.5 MEDIUM | 7.1 HIGH |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | |||||
| CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 7.5 HIGH | 8.6 HIGH |
| Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||||
| CVE-2016-1405 | 2 Cisco, Clamav | 3 Email Security Appliance, Web Security Appliance, Clamav | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | |||||
| CVE-2016-1335 | 1 Cisco | 1 Asr 5000 Series Software | 2016-08-04 | 7.1 HIGH | 7.5 HIGH |
| The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. | |||||
| CVE-2016-1390 | 1 Cisco | 2 Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2016-08-04 | 7.2 HIGH | 7.8 HIGH |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. | |||||
| CVE-2016-1340 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2016-07-29 | 7.2 HIGH | 8.4 HIGH |
| Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. | |||||
| CVE-2016-1339 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2016-07-29 | 7.2 HIGH | 7.8 HIGH |
| Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. | |||||
| CVE-2016-1418 | 1 Cisco | 7 Aironet 1830e, Aironet 1830i, Aironet 1850e and 4 more | 2016-06-15 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | |||||
| CVE-2016-1420 | 1 Cisco | 2 Application Infrastructure Controller, Application Policy Infrastructure Controller Firmware | 2016-06-10 | 7.2 HIGH | 7.8 HIGH |
| The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. | |||||
| CVE-2016-1403 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2016-06-07 | 7.2 HIGH | 7.8 HIGH |
| CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | |||||