Search
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2015-10-28 | 6.6 MEDIUM | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | |||||
| CVE-2015-0664 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2015-09-10 | 4.3 MEDIUM | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. | |||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2015-09-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | |||||
| CVE-2015-4290 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2015-08-21 | 4.9 MEDIUM | N/A |
| The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. | |||||
| CVE-2013-1130 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2013-09-23 | 6.8 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | |||||
| CVE-2013-1173 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2013-04-11 | 6.6 MEDIUM | N/A |
| Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. | |||||
| CVE-2013-1172 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2013-04-11 | 6.6 MEDIUM | N/A |
| The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. | |||||
| CVE-2012-2496 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-24 | 6.8 MEDIUM | N/A |
| A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. | |||||
| CVE-2012-2498 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-07 | 4.0 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | |||||
| CVE-2012-2499 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-07 | 5.8 MEDIUM | N/A |
| The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. | |||||
| CVE-2012-2500 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-07 | 4.0 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. | |||||
| CVE-2012-1370 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-08-06 | 3.5 LOW | N/A |
| Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. | |||||
| CVE-2012-2494 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-06-21 | 4.3 MEDIUM | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. | |||||
| CVE-2012-2493 | 4 Apple, Cisco, Linux and 1 more | 4 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2012-06-21 | 9.3 HIGH | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. | |||||
| CVE-2012-2495 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Desktop | 2012-06-21 | 4.3 MEDIUM | N/A |
| The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. | |||||
| CVE-2011-2041 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2011-09-07 | 7.2 HIGH | N/A |
| The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. | |||||