Filtered by vendor Cisco
Total: 6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10010 | 1 Cisco | 1 Openresolve | 2024-11-21 | 2.6 LOW | 3.1 LOW |
|
A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of thi ...
|
|||||
| CVE-2015-0749 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or ...
|
|||||
| CVE-2013-5122 | 1 Cisco | 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access
|
|||||
| CVE-2013-3568 | 1 Cisco | 2 Linksys Wrt110, Linksys Wrt110 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
|
|||||
| CVE-2013-2684 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-2683 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
|
|||||
| CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL |
|
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
|
|||||
| CVE-2013-2680 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
|
|||||
| CVE-2013-2678 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
|
|||||
| CVE-2013-1202 | 1 Cisco | 1 Ace Application Control Engine Module A2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco ACE A2(3.6) allows log retention DoS.
|
|||||
| CVE-2012-1326 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
|
|||||
| CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks
|
|||||
| CVE-2012-0334 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 3.2 LOW | 6.4 MEDIUM |
|
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has an SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
|
|||||
| CVE-2011-4661 | 1 Cisco | 1 Ios | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured.
|
|||||
| CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.
|
|||||
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-21 | 6.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.
|
|||||
| CVE-2010-3048 | 1 Cisco | 1 Unified Personal Communicator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.
|
|||||
| CVE-2024-20525 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of th ...
|
|||||
| CVE-2024-20530 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of th ...
|
|||||
| CVE-2024-20531 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.5 MEDIUM |
|
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.
This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by send ...
|
|||||
| CVE-2024-20538 | 1 Cisco | 1 Identity Services Engine | 2024-11-20 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script ...
|
|||||
| CVE-2024-20426 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-05 | N/A | 8.6 HIGH |
|
A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could ...
|
|||||
| CVE-2024-20412 | 1 Cisco | 22 Firepower 1000, Firepower 1010, Firepower 1020 and 19 more | 2024-11-05 | N/A | 8.4 HIGH |
|
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.
This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to a ...
|
|||||
| CVE-2024-20431 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-05 | N/A | 5.8 MEDIUM |
|
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy.
This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected d ...
|
|||||
| CVE-2024-20300 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A succes ...
|
|||||
| CVE-2024-20485 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-01 | N/A | 6.7 MEDIUM |
|
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backu ...
|
|||||
| CVE-2024-20482 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.
This vulnerability is due to insufficient validation of role permissions in part of the web-based management inter ...
|
|||||
| CVE-2024-20472 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exp ...
|
|||||
| CVE-2024-20471 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exp ...
|
|||||
| CVE-2024-20474 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2024-11-01 | N/A | 6.5 MEDIUM |
|
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.
This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on ...
|
|||||
| CVE-2024-20473 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface does not validate user input adequately. An attacker could exploit this vulnerability by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exp ...
|
|||||
| CVE-2024-20424 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 9.9 CRITICAL |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then ...
|
|||||
| CVE-2024-20331 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-01 | N/A | 5.9 MEDIUM |
|
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.
This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their au ...
|
|||||
| CVE-2024-20341 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-01 | N/A | 6.1 MEDIUM |
|
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to ...
|
|||||
| CVE-2024-20493 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-11-01 | N/A | 5.3 MEDIUM |
|
A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition.
This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit ...
|
|||||
| CVE-2024-20364 | 1 Cisco | 1 Secure Firewall Management Center | 2024-10-31 | N/A | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A ...
|
|||||
| CVE-2024-20269 | 1 Cisco | 1 Secure Firewall Management Center | 2024-10-31 | N/A | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A succes ...
|
|||||
| CVE-2024-20298 | 1 Cisco | 1 Secure Firewall Management Center | 2024-10-31 | N/A | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A succes ...
|
|||||
| CVE-2024-20273 | 1 Cisco | 1 Secure Firewall Management Center | 2024-10-31 | N/A | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A succ ...
|
|||||