Filtered by vendor Cisco
Subscribe
Search
Total
5736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0665 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-29 | 4.0 MEDIUM | N/A |
| The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904. | |||||
| CVE-2014-0666 | 1 Cisco | 1 Jabber | 2017-08-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | |||||
| CVE-2014-0648 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 10.0 HIGH | N/A |
| The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | |||||
| CVE-2014-0650 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 10.0 HIGH | N/A |
| The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | |||||
| CVE-2014-0651 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.9 MEDIUM | N/A |
| The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. | |||||
| CVE-2014-0652 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. | |||||
| CVE-2014-0653 | 1 Cisco | 1 Adaptive Security Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | |||||
| CVE-2014-0654 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | |||||
| CVE-2014-0655 | 1 Cisco | 1 Adaptive Security Appliance | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | |||||
| CVE-2014-0656 | 1 Cisco | 1 Context Directory Agent | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | |||||
| CVE-2014-0667 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 6.3 MEDIUM | N/A |
| The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | |||||
| CVE-2014-0674 | 1 Cisco | 1 Video Surveillance Operations Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. | |||||
| CVE-2014-0675 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-08-29 | 6.4 MEDIUM | N/A |
| The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. | |||||
| CVE-2014-0676 | 1 Cisco | 1 Nx-os | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | |||||
| CVE-2014-0677 | 1 Cisco | 1 Nx-os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. | |||||
| CVE-2014-0678 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 5.5 MEDIUM | N/A |
| The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | |||||
| CVE-2014-3311 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2017-08-29 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. | |||||
| CVE-2014-3310 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | |||||
| CVE-2014-3309 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 5.0 MEDIUM | N/A |
| The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | |||||
| CVE-2014-0649 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 9.0 HIGH | N/A |
| The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | |||||
| CVE-2014-3305 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. | |||||
| CVE-2014-3304 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | |||||
| CVE-2014-3303 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 4.0 MEDIUM | N/A |
| The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | |||||
| CVE-2014-3302 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 5.8 MEDIUM | N/A |
| user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | |||||
| CVE-2014-3301 | 1 Cisco | 1 Webex Meetings Server | 2017-08-29 | 5.0 MEDIUM | N/A |
| The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | |||||
| CVE-2014-3335 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2017-08-29 | 4.6 MEDIUM | N/A |
| Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750. | |||||
| CVE-2014-3293 | 1 Cisco | 2 Asr901, Ios | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736. | |||||
| CVE-2014-2153 | 1 Cisco | 1 Prime Infrastructure | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. | |||||
| CVE-2014-2152 | 1 Cisco | 1 Prime Infrastructure | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. | |||||
| CVE-2014-2147 | 1 Cisco | 1 Prime Infrastructure | 2017-08-29 | 4.3 MEDIUM | N/A |
| The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444. | |||||
| CVE-2014-2124 | 1 Cisco | 2 Catalyst 6500, Ios | 2017-08-29 | 7.1 HIGH | N/A |
| Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. | |||||
| CVE-2014-2122 | 1 Cisco | 1 Hosted Collaboration Solution | 2017-08-29 | 5.0 MEDIUM | N/A |
| Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. | |||||
| CVE-2014-3409 | 1 Cisco | 2 Ios, Ios Xe | 2017-08-29 | 6.1 MEDIUM | N/A |
| The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | |||||
| CVE-2014-3380 | 1 Cisco | 1 Unified Communications Domain Manager Platform | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. | |||||
| CVE-2014-3379 | 1 Cisco | 3 Ios Xr, Network Convergence System 6000, Network Convergence System 6008 | 2017-08-29 | 6.1 MEDIUM | N/A |
| Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. | |||||
| CVE-2014-3374 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | |||||
| CVE-2014-3373 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | |||||
| CVE-2014-3372 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | |||||
| CVE-2014-3367 | 1 Cisco | 1 Cisco Nexus 1000v Intercloud | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||
| CVE-2014-3378 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||||
| CVE-2014-3377 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 4.0 MEDIUM | N/A |
| snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||||
| CVE-2014-3376 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||||
| CVE-2014-3365 | 1 Cisco | 1 Prime Security Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. | |||||
| CVE-2014-3363 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | |||||
| CVE-2014-3362 | 1 Cisco | 4 Telepresence System Edge 75 Mxp, Telepresence System Edge 85 Mxp, Telepresence System Edge 95 Mxp and 1 more | 2017-08-29 | 7.8 HIGH | N/A |
| Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. | |||||
| CVE-2014-3361 | 1 Cisco | 1 Ios | 2017-08-29 | 7.1 HIGH | N/A |
| The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. | |||||
| CVE-2013-5498 | 1 Cisco | 1 Ios Xr | 2017-08-29 | 5.0 MEDIUM | N/A |
| The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | |||||
| CVE-2013-5525 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. | |||||
| CVE-2013-5504 | 1 Cisco | 1 Identity Services Engine Software | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266. | |||||