Filtered by vendor Cisco
Subscribe
Search
Total
5736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2176 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2016-09-07 | 7.1 HIGH | N/A |
| Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928. | |||||
| CVE-2014-2121 | 1 Cisco | 1 Hosted Collaboration Solution | 2016-09-07 | 5.0 MEDIUM | N/A |
| The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. | |||||
| CVE-2014-3274 | 1 Cisco | 1 Telepresence System Software | 2016-09-07 | 4.3 MEDIUM | N/A |
| Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326. | |||||
| CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | |||||
| CVE-2014-3276 | 1 Cisco | 1 Identity Services Engine Software | 2016-09-07 | 4.0 MEDIUM | N/A |
| Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780. | |||||
| CVE-2014-3273 | 1 Cisco | 1 Ios | 2016-09-07 | 6.1 MEDIUM | N/A |
| The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | |||||
| CVE-2014-3272 | 1 Cisco | 1 Tidal Enterprise Scheduler | 2016-09-07 | 6.0 MEDIUM | N/A |
| The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. | |||||
| CVE-2014-3271 | 1 Cisco | 1 Ios Xr | 2016-09-07 | 5.0 MEDIUM | N/A |
| The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. | |||||
| CVE-2014-3270 | 1 Cisco | 1 Ios Xr | 2016-09-07 | 5.0 MEDIUM | N/A |
| The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. | |||||
| CVE-2014-3267 | 1 Cisco | 1 Security Manager | 2016-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | |||||
| CVE-2014-3265 | 1 Cisco | 1 Security Manager | 2016-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900. | |||||
| CVE-2014-3263 | 1 Cisco | 1 Ios | 2016-09-07 | 5.4 MEDIUM | N/A |
| The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. | |||||
| CVE-2014-3262 | 1 Cisco | 2 Ios, Ios Xe | 2016-09-07 | 4.3 MEDIUM | N/A |
| The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | |||||
| CVE-2014-3290 | 1 Cisco | 1 Ios Xe | 2016-09-06 | 4.8 MEDIUM | N/A |
| The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | |||||
| CVE-2016-1335 | 1 Cisco | 1 Asr 5000 Series Software | 2016-08-04 | 7.1 HIGH | 7.5 HIGH |
| The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. | |||||
| CVE-2016-1390 | 1 Cisco | 2 Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2016-08-04 | 7.2 HIGH | 7.8 HIGH |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. | |||||
| CVE-2016-1340 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2016-07-29 | 7.2 HIGH | 8.4 HIGH |
| Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. | |||||
| CVE-2016-1339 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2016-07-29 | 7.2 HIGH | 7.8 HIGH |
| Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. | |||||
| CVE-2016-1451 | 1 Cisco | 1 Meeting Server | 2016-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. | |||||
| CVE-2016-1424 | 1 Cisco | 1 Ios | 2016-06-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | |||||
| CVE-2016-1431 | 1 Cisco | 1 Firepower Management Center | 2016-06-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | |||||
| CVE-2016-1432 | 1 Cisco | 1 Ios Xe | 2016-06-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862. | |||||
| CVE-2016-1418 | 1 Cisco | 7 Aironet 1830e, Aironet 1830i, Aironet 1850e and 4 more | 2016-06-15 | 7.2 HIGH | 7.8 HIGH |
| Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | |||||
| CVE-2016-1420 | 1 Cisco | 2 Application Infrastructure Controller, Application Policy Infrastructure Controller Firmware | 2016-06-10 | 7.2 HIGH | 7.8 HIGH |
| The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. | |||||
| CVE-2016-1403 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2016-06-07 | 7.2 HIGH | 7.8 HIGH |
| CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | |||||
| CVE-2016-1413 | 1 Cisco | 1 Firepower Management Center | 2016-05-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||||
| CVE-2016-1368 | 1 Cisco | 1 Firesight System Software | 2016-05-09 | 7.8 HIGH | 7.5 HIGH |
| Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. | |||||
| CVE-2016-1343 | 1 Cisco | 1 Information Server | 2016-05-04 | 6.4 MEDIUM | 10.0 CRITICAL |
| The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. | |||||
| CVE-2016-4349 | 1 Cisco | 1 Webex Productivity Tools | 2016-05-04 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140. | |||||
| CVE-2016-1375 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2016-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | |||||
| CVE-2015-0746 | 1 Cisco | 1 Secure Access Control Server | 2016-04-06 | 5.0 MEDIUM | N/A |
| The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | |||||
| CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-03-19 | 8.0 HIGH | 6.5 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||||
| CVE-2016-1357 | 1 Cisco | 1 Cisco Policy Suite | 2016-03-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211. | |||||
| CVE-2016-1342 | 1 Cisco | 1 Firepower Management Center | 2016-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | |||||
| CVE-2016-1354 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | |||||
| CVE-2016-1322 | 1 Cisco | 1 Spark | 2016-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | |||||
| CVE-2016-1323 | 1 Cisco | 1 Spark | 2016-02-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | |||||
| CVE-2016-1324 | 1 Cisco | 1 Spark | 2016-02-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | |||||
| CVE-2016-1303 | 1 Cisco | 16 500 Series Switch Firmware, Sf500-24, Sf500-24p and 13 more | 2016-02-24 | 7.8 HIGH | 7.5 HIGH |
| The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | |||||
| CVE-2016-1299 | 1 Cisco | 28 300 Series Managed Switch Firmware, Sf300-08, Sf300-24 and 25 more | 2016-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. | |||||
| CVE-2016-1306 | 1 Cisco | 1 Fog Director | 2016-02-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | |||||
| CVE-2016-1300 | 1 Cisco | 1 Unity Connection | 2016-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||||
| CVE-2015-6412 | 1 Cisco | 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software | 2016-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | |||||
| CVE-2015-6361 | 1 Cisco | 2 Dpc3939 Wireless Residential Voice Gateway, Dpc3939 Wireless Residential Voice Gateway Firmware | 2015-12-15 | 6.5 MEDIUM | N/A |
| The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170. | |||||
| CVE-2015-6384 | 1 Cisco | 1 Webex Meetings | 2015-12-07 | 4.3 MEDIUM | N/A |
| The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. | |||||
| CVE-2014-3279 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. | |||||
| CVE-2014-3281 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. | |||||
| CVE-2014-3278 | 1 Cisco | 1 Unified Communications Domain Manager | 2015-12-04 | 5.0 MEDIUM | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | |||||
| CVE-2014-3323 | 1 Cisco | 1 Unified Contact Center Enterprise | 2015-12-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | |||||
| CVE-2014-3307 | 1 Cisco | 1 Universal Small Cell Series Firmware | 2015-12-03 | 6.8 MEDIUM | N/A |
| The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. | |||||