Filtered by vendor Cisco
Subscribe
Search
Total
5736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6355 | 1 Cisco | 1 Ios Xr | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | |||||
| CVE-2016-6377 | 1 Cisco | 1 Media Origination System Suite | 2016-11-28 | 6.8 MEDIUM | 8.1 HIGH |
| Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | |||||
| CVE-2016-6376 | 1 Cisco | 6 Wireless Lan Controller, Wireless Lan Controller 6.0, Wireless Lan Controller 7.0 and 3 more | 2016-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device restart) via a malformed wIPS packet, aka Bug ID CSCuz40263. | |||||
| CVE-2016-1441 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.4 MEDIUM | 8.2 HIGH |
| Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. | |||||
| CVE-2016-1467 | 1 Cisco | 1 Videoscape Session Resource Manager | 2016-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. | |||||
| CVE-2016-1477 | 1 Cisco | 1 Connected Streaming Analytics | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. | |||||
| CVE-2016-1458 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | |||||
| CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 7.5 HIGH | 8.6 HIGH |
| Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.5 MEDIUM | 7.1 HIGH |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | |||||
| CVE-2016-1405 | 2 Cisco, Clamav | 3 Email Security Appliance, Web Security Appliance, Clamav | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | |||||
| CVE-2015-6417 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2016-11-28 | 6.5 MEDIUM | N/A |
| Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. | |||||
| CVE-2015-6404 | 1 Cisco | 1 Hosted Collaboration Solution | 2016-11-28 | 4.0 MEDIUM | N/A |
| Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | |||||
| CVE-2015-6411 | 1 Cisco | 1 Firepower Management Center | 2016-11-28 | 5.0 MEDIUM | N/A |
| Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | |||||
| CVE-2015-6419 | 1 Cisco | 1 Firesight System Software | 2016-11-28 | 6.8 MEDIUM | N/A |
| Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | |||||
| CVE-2015-6426 | 1 Cisco | 1 Prime Network Services Controller | 2016-11-28 | 7.2 HIGH | N/A |
| Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | |||||
| CVE-2015-6400 | 1 Cisco | 1 Emergency Responder | 2016-11-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | |||||
| CVE-2015-6375 | 1 Cisco | 1 Ios | 2016-11-28 | 2.1 LOW | N/A |
| The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | |||||
| CVE-2015-4297 | 1 Cisco | 1 Webex Node For Mcs | 2016-11-28 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. | |||||
| CVE-2015-4283 | 1 Cisco | 1 Videoscape Policy Resource Manager | 2016-11-28 | 7.8 HIGH | N/A |
| Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCuu35104 and CSCuu35128. | |||||
| CVE-2015-0701 | 1 Cisco | 1 Unified Computing System Central Software | 2016-11-28 | 10.0 HIGH | N/A |
| Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | |||||
| CVE-2014-3383 | 1 Cisco | 1 Asa | 2016-11-28 | 7.8 HIGH | N/A |
| The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. | |||||
| CVE-2013-3462 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 8.5 HIGH | N/A |
| Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | |||||
| CVE-2013-3467 | 1 Cisco | 2 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect | 2016-11-07 | 4.6 MEDIUM | N/A |
| Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103. | |||||
| CVE-2013-3468 | 1 Cisco | 2 Unified Ip Phone 8945, Unified Ip Phone Firmware | 2016-11-07 | 7.8 HIGH | N/A |
| The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | |||||
| CVE-2013-3466 | 1 Cisco | 1 Secure Access Control Server | 2016-11-07 | 9.3 HIGH | N/A |
| The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. | |||||
| CVE-2013-3461 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 7.1 HIGH | N/A |
| Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | |||||
| CVE-2013-3460 | 1 Cisco | 1 Unified Communications Manager | 2016-11-07 | 7.8 HIGH | N/A |
| Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | |||||
| CVE-2013-3471 | 1 Cisco | 1 Identity Services Engine Software | 2016-11-04 | 4.3 MEDIUM | N/A |
| The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. | |||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2016-11-04 | 5.0 MEDIUM | N/A |
| Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | |||||
| CVE-2013-3472 | 1 Cisco | 1 Unified Communications Manager | 2016-11-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | |||||
| CVE-2013-3470 | 1 Cisco | 1 Ios Xr | 2016-11-04 | 5.0 MEDIUM | N/A |
| The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | |||||
| CVE-2013-5470 | 1 Cisco | 1 Secure Access Control System | 2016-11-04 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | |||||
| CVE-2012-1313 | 1 Cisco | 1 Unified Computing System | 2016-11-04 | 6.5 MEDIUM | N/A |
| The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | |||||
| CVE-2013-6706 | 1 Cisco | 1 Ios Xe | 2016-11-02 | 5.4 MEDIUM | N/A |
| The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | |||||
| CVE-2012-4081 | 1 Cisco | 1 Unified Computing System | 2016-10-31 | 4.6 MEDIUM | N/A |
| MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. | |||||
| CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
| CVE-2003-0100 | 1 Cisco | 1 Ios | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | |||||
| CVE-2002-0954 | 1 Cisco | 1 Pix Firewall | 2016-10-18 | 7.5 HIGH | N/A |
| The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques. | |||||
| CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. | |||||
| CVE-2002-0813 | 1 Cisco | 1 Ios | 2016-10-18 | 7.1 HIGH | N/A |
| Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2002-0159 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | |||||
| CVE-2001-0669 | 4 Cisco, Enterasys, Iss and 1 more | 6 Catalyst 6000 Intrusion Detection System Module, Secure Intrusion Detection System, Dragon and 3 more | 2016-10-18 | 7.5 HIGH | N/A |
| Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. | |||||
| CVE-2012-4077 | 1 Cisco | 1 Nx-os | 2016-09-23 | 6.8 MEDIUM | N/A |
| Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |||||
| CVE-2012-4072 | 1 Cisco | 1 Unified Computing System | 2016-09-23 | 4.3 MEDIUM | N/A |
| The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | |||||
| CVE-2012-4074 | 1 Cisco | 1 Unified Computing System | 2016-09-23 | 5.8 MEDIUM | N/A |
| The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | |||||
| CVE-2013-5532 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2016-09-22 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. | |||||
| CVE-2013-5533 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2016-09-22 | 6.0 MEDIUM | N/A |
| The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | |||||
| CVE-2013-5526 | 1 Cisco | 2 Unified Ip Phone 9951, Unified Ip Phone 9971 | 2016-09-22 | 7.1 HIGH | N/A |
| Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698. | |||||
| CVE-2012-4141 | 1 Cisco | 1 Nx-os | 2016-09-22 | 6.2 MEDIUM | N/A |
| Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. | |||||