Filtered by vendor Cisco
Subscribe
Search
Total
2438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3079 | 1 Cisco | 1 Ios | 2017-08-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. | |||||
| CVE-2011-3305 | 1 Cisco | 2 Nac Appliance, Nac Manager | 2017-08-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. | |||||
| CVE-2011-3297 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software | 2017-08-29 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697. | |||||
| CVE-2011-3296 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Firewall Services Module Software | 2017-08-29 | 7.8 HIGH | N/A |
| Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875. | |||||
| CVE-2011-3294 | 1 Cisco | 2 Telepresence Video Communication Servers, Telepresence Video Communication Servers Software | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, aka Bug ID CSCts80342. | |||||
| CVE-2011-3290 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2017-08-29 | 10.0 HIGH | N/A |
| Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135. | |||||
| CVE-2011-3310 | 2 Cisco, Microsoft | 2 Ciscoworks Common Services, Windows | 2017-08-29 | 9.0 HIGH | N/A |
| The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. | |||||
| CVE-2012-0284 | 1 Cisco | 2 Linksys Playerpt Activex Control, Wvc200 Wireless-g Ptz Internet Video Camera | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). | |||||
| CVE-2011-4005 | 1 Cisco | 8 Small Business Srp520 Series Firmware, Small Business Srp521w, Small Business Srp526w and 5 more | 2017-08-29 | 9.3 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. | |||||
| CVE-2012-0383 | 1 Cisco | 1 Ios | 2017-08-29 | 7.8 HIGH | N/A |
| Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. | |||||
| CVE-2011-2584 | 1 Cisco | 1 Show And Share | 2017-08-29 | 7.5 HIGH | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. | |||||
| CVE-2011-2555 | 1 Cisco | 1 Telepresence Recording Server Software | 2017-08-29 | 10.0 HIGH | N/A |
| Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. | |||||
| CVE-2011-2549 | 1 Cisco | 3 Asr 9006 Router, Asr 9010 Router, Ios Xr | 2017-08-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695. | |||||
| CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2017-08-29 | 9.0 HIGH | N/A |
| The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | |||||
| CVE-2011-2546 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2017-08-29 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. | |||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | |||||
| CVE-2011-2064 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2017-08-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577. | |||||
| CVE-2011-2040 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2017-08-29 | 9.3 HIGH | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. | |||||
| CVE-2011-2039 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2017-08-29 | 7.6 HIGH | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. | |||||
| CVE-2011-2024 | 1 Cisco | 1 Cns Network Registrar | 2017-08-29 | 10.0 HIGH | N/A |
| Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. | |||||
| CVE-2011-1637 | 1 Cisco | 15 Skinny Client Control Protocol Software, Unified Ip Phone 7906, Unified Ip Phone 7911g and 12 more | 2017-08-17 | 1.5 LOW | N/A |
| Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962. | |||||
| CVE-2011-1623 | 1 Cisco | 2 Media Experience Engine 5600, Media Processing Software | 2017-08-17 | 10.0 HIGH | N/A |
| Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737. | |||||
| CVE-2011-1609 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 8.5 HIGH | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. | |||||
| CVE-2011-1607 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. | |||||
| CVE-2011-1606 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855. | |||||
| CVE-2011-1605 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. | |||||
| CVE-2011-1604 | 1 Cisco | 1 Unified Communications Manager | 2017-08-17 | 7.1 HIGH | N/A |
| Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. | |||||
| CVE-2011-1613 | 1 Cisco | 1 Wireless Lan Controller Software | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. | |||||
| CVE-2011-0966 | 1 Cisco | 1 Ciscoworks Common Services | 2017-08-17 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. | |||||
| CVE-2011-0962 | 1 Cisco | 1 Unified Operations Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712. | |||||
| CVE-2011-0961 | 1 Cisco | 1 Ciscoworks Common Services | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704. | |||||
| CVE-2011-0960 | 1 Cisco | 1 Unified Operations Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716. | |||||
| CVE-2011-0959 | 1 Cisco | 1 Unified Operations Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716. | |||||
| CVE-2011-0951 | 1 Cisco | 1 Secure Access Control System | 2017-08-17 | 5.0 MEDIUM | N/A |
| The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | |||||
| CVE-2011-0391 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2017-08-17 | 7.8 HIGH | N/A |
| Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205. | |||||
| CVE-2011-0390 | 1 Cisco | 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software | 2017-08-17 | 7.8 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534. | |||||
| CVE-2011-0389 | 1 Cisco | 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software | 2017-08-17 | 7.8 HIGH | N/A |
| Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993. | |||||
| CVE-2011-0387 | 1 Cisco | 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software | 2017-08-17 | 8.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164. | |||||
| CVE-2011-0385 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065. | |||||
| CVE-2011-0386 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2017-08-17 | 9.3 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739. | |||||
| CVE-2011-0384 | 1 Cisco | 2 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software | 2017-08-17 | 10.0 HIGH | N/A |
| The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253. | |||||
| CVE-2011-0383 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2017-08-17 | 10.0 HIGH | N/A |
| The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | |||||
| CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2017-08-17 | 10.0 HIGH | N/A |
| Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | |||||
| CVE-2011-0380 | 1 Cisco | 1 Telepresence Manager | 2017-08-17 | 7.5 HIGH | N/A |
| Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562. | |||||
| CVE-2011-0392 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2017-08-17 | 7.5 HIGH | N/A |
| Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833. | |||||
| CVE-2011-0377 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2017-08-17 | 7.8 HIGH | N/A |
| Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605. | |||||
| CVE-2011-0349 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350. | |||||
| CVE-2011-0348 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2017-08-17 | 6.4 MEDIUM | N/A |
| Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917. | |||||
| CVE-2011-0352 | 1 Cisco | 2 Linksys Wrt54gc Router, Linksys Wrt54gc Router Firmware | 2017-08-17 | 7.8 HIGH | N/A |
| Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request. | |||||
| CVE-2011-0350 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349. | |||||