Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0668 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.
|
|||||
| CVE-2016-9209 | 1 Cisco | 1 Firepower Services For Adaptive Security Appliance | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 S ...
Show More |
|||||
| CVE-2015-0694 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
|
|||||
| CVE-2015-6413 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.
|
|||||
| CVE-2014-0679 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 9.0 HIGH | N/A |
|
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.
|
|||||
| CVE-2016-1454 | 1 Cisco | 54 5548p, 5548up, 5596t and 51 more | 2025-04-12 | 7.1 HIGH | 6.5 MEDIUM |
|
Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417.
|
|||||
| CVE-2013-1191 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-12 | 7.1 HIGH | N/A |
|
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
|
|||||
| CVE-2015-6426 | 1 Cisco | 1 Prime Network Services Controller | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.
|
|||||
| CVE-2015-6364 | 1 Cisco | 1 Videoscape Distribution Suite Service Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.
|
|||||
| CVE-2015-0600 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139.
|
|||||
| CVE-2014-2146 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
|
|||||
| CVE-2016-9193 | 1 Cisco | 2 Firesight System Software, Secure Firewall Management Center | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
|
|||||
| CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
|
|||||
| CVE-2015-6347 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
|
|||||
| CVE-2014-2142 | 1 Cisco | 3 Cisco Ons 15454 System Software, Ons 15454, Ons 15454 System Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
|
|||||
| CVE-2015-0766 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
|
|||||
| CVE-2015-4285 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273.
|
|||||
| CVE-2015-0700 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.
|
|||||
| CVE-2015-6301 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.
|
|||||
| CVE-2015-0676 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 7.1 HIGH | N/A |
|
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these quer ...
Show More |
|||||
| CVE-2016-6468 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
|
|||||
| CVE-2016-1304 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
|
|||||
| CVE-2014-8034 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.
|
|||||
| CVE-2014-2157 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2025-04-12 | 7.1 HIGH | N/A |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.
|
|||||
| CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
|
|||||
| CVE-2015-4230 | 1 Cisco | 1 Headend System Release | 2025-04-12 | 7.8 HIGH | N/A |
|
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91854.
|
|||||
| CVE-2016-1470 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.
|
|||||
| CVE-2014-3347 | 1 Cisco | 8 1801 Integrated Service Router, 1802 Integrated Service Router, 1803 Integrated Service Router and 5 more | 2025-04-12 | 5.4 MEDIUM | N/A |
|
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid state of the hardware encryption module, aka Bug ID CSCul77897.
|
|||||
| CVE-2015-4324 | 1 Cisco | 27 Nexus 1000v, Nexus 3016, Nexus 3048 and 24 more | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908.
|
|||||
| CVE-2015-6375 | 1 Cisco | 1 Ios | 2025-04-12 | 2.1 LOW | N/A |
|
The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.
|
|||||
| CVE-2016-6434 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
|
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
|
|||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 6.6 MEDIUM | N/A |
|
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.
|
|||||
| CVE-2015-6435 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
|
|||||
| CVE-2015-6379 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.
|
|||||
| CVE-2016-1340 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
|
Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.
|
|||||
| CVE-2014-2166 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.
|
|||||
| CVE-2014-2135 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2025-04-12 | 9.3 HIGH | N/A |
|
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.
|
|||||
| CVE-2016-1447 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
|
|||||
| CVE-2015-0718 | 6 Cisco, Netgear, Samsung and 3 more | 7 Nx-os, Unified Computing System, Jr6150 Firmware and 4 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
|
|||||
| CVE-2015-4227 | 1 Cisco | 1 Headend System Release | 2025-04-12 | 7.8 HIGH | N/A |
|
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91838.
|
|||||