Filtered by vendor Cisco
Subscribe
Search
Total
2438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4224 | 1 Cisco | 1 Wireless Lan Controller Software | 2016-12-28 | 7.2 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | |||||
| CVE-2015-4223 | 1 Cisco | 1 Ios Xr | 2016-12-28 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. | |||||
| CVE-2015-4191 | 1 Cisco | 1 Ios Xr | 2016-12-28 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. | |||||
| CVE-2015-4230 | 1 Cisco | 1 Headend System Release | 2016-12-28 | 7.8 HIGH | N/A |
| Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854. | |||||
| CVE-2015-4227 | 1 Cisco | 1 Headend System Release | 2016-12-28 | 7.8 HIGH | N/A |
| Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91838. | |||||
| CVE-2015-4231 | 1 Cisco | 3 Nexus 7000, Nexus 7700, Nx-os | 2016-12-28 | 3.6 LOW | N/A |
| The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. | |||||
| CVE-2015-4232 | 1 Cisco | 16 Mds 9100, Mds 9200, Mds 9500 and 13 more | 2016-12-28 | 4.6 MEDIUM | N/A |
| Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. | |||||
| CVE-2015-4234 | 1 Cisco | 1 Nx-os | 2016-12-28 | 7.2 HIGH | N/A |
| Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. | |||||
| CVE-2015-4237 | 1 Cisco | 38 Mds 9100, Mds 9140, Mds 9500 and 35 more | 2016-12-28 | 4.6 MEDIUM | N/A |
| The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. | |||||
| CVE-2015-4263 | 1 Cisco | 1 Mobility Services Engine | 2016-12-28 | 4.0 MEDIUM | N/A |
| The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851. | |||||
| CVE-2015-4260 | 1 Cisco | 1 Hosted Collaboration Solution | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862. | |||||
| CVE-2015-4267 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | |||||
| CVE-2015-4268 | 1 Cisco | 1 Identity Services Engine Software | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052. | |||||
| CVE-2015-4272 | 1 Cisco | 1 Unified Communications Manager | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | |||||
| CVE-2015-4259 | 1 Cisco | 1 Unified Computing System | 2016-12-28 | 4.3 MEDIUM | N/A |
| The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. | |||||
| CVE-2015-4271 | 1 Cisco | 1 Telepresence Tc Software | 2016-12-28 | 6.4 MEDIUM | N/A |
| Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | |||||
| CVE-2015-4269 | 1 Cisco | 1 Unified Communications Manager | 2016-12-28 | 4.0 MEDIUM | N/A |
| The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. | |||||
| CVE-2015-4270 | 1 Cisco | 1 Firesight System Software | 2016-12-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. | |||||
| CVE-2015-4220 | 1 Cisco | 1 Unified Presence Server | 2016-12-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | |||||
| CVE-2015-4233 | 1 Cisco | 1 Unified Meetingplace | 2016-12-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. | |||||
| CVE-2015-4217 | 1 Cisco | 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance | 2016-12-28 | 4.3 MEDIUM | N/A |
| The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. | |||||
| CVE-2015-4298 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2016-12-28 | 6.5 MEDIUM | N/A |
| Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. | |||||
| CVE-2015-4208 | 1 Cisco | 1 Webex Meeting Center | 2016-12-28 | 7.5 HIGH | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | |||||
| CVE-2015-4273 | 1 Cisco | 1 Asr 5000 Series Software | 2016-12-28 | 5.0 MEDIUM | N/A |
| The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. | |||||
| CVE-2015-4301 | 1 Cisco | 7 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 4 more | 2016-12-28 | 6.8 MEDIUM | N/A |
| Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. | |||||
| CVE-2015-4299 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2016-12-28 | 5.5 MEDIUM | N/A |
| Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. | |||||
| CVE-2015-4302 | 1 Cisco | 1 Firesight System Software | 2016-12-28 | 6.4 MEDIUM | N/A |
| The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | |||||
| CVE-2015-4308 | 1 Cisco | 1 Edge Bluebird Operating System | 2016-12-28 | 6.8 MEDIUM | N/A |
| The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. | |||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2016-12-12 | 6.6 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | |||||
| CVE-2015-6315 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 7.2 HIGH | N/A |
| Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694. | |||||
| CVE-2015-6279 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-12 | 7.8 HIGH | N/A |
| The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. | |||||
| CVE-2015-6305 | 2 Cisco, Microsoft | 2 Anyconnect Secure Mobility Client, Windows | 2016-12-12 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211. | |||||
| CVE-2015-6302 | 1 Cisco | 1 Wireless Lan Controller Software | 2016-12-12 | 5.0 MEDIUM | N/A |
| The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | |||||
| CVE-2015-6329 | 1 Cisco | 1 Prime Collaboration Provisioning | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||||
| CVE-2015-6332 | 1 Cisco | 1 Prime Infrastructure | 2016-12-09 | 5.0 MEDIUM | N/A |
| Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | |||||
| CVE-2015-6328 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.8 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. | |||||
| CVE-2015-6333 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2016-12-09 | 4.6 MEDIUM | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||||
| CVE-2015-6334 | 1 Cisco | 1 Asr 5000 Software | 2016-12-09 | 5.0 MEDIUM | N/A |
| Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. | |||||
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2016-12-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
| CVE-2015-4265 | 1 Cisco | 1 Ucs B-series Blade Server Software | 2016-12-08 | 4.9 MEDIUM | N/A |
| Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241. | |||||
| CVE-2015-6418 | 1 Cisco | 7 Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn Router Firmware, Rv042g Dual Gigabit Wan Vpn Firmware and 4 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. | |||||
| CVE-2015-6429 | 1 Cisco | 2 Ios, Ios Xe | 2016-12-07 | 5.0 MEDIUM | N/A |
| The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. | |||||
| CVE-2015-6428 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | |||||
| CVE-2015-6427 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 5.0 MEDIUM | N/A |
| Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | |||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2016-12-07 | 5.0 MEDIUM | N/A |
| The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | |||||
| CVE-2015-6424 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2016-12-07 | 7.2 HIGH | N/A |
| The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. | |||||
| CVE-2015-6422 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-12-07 | 4.0 MEDIUM | N/A |
| The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. | |||||
| CVE-2015-6416 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479. | |||||
| CVE-2015-6414 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-12-07 | 2.1 LOW | N/A |
| Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. | |||||
| CVE-2015-6413 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-12-07 | 4.0 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651. | |||||