Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2195 | 1 Cisco | 3 Asyncos, Content Security Management Appliance, Email Security Appliance Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
|
|||||
| CVE-2015-0772 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 7.1 HIGH | N/A |
|
Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422.
|
|||||
| CVE-2014-2158 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.
|
|||||
| CVE-2015-0613 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 7.1 HIGH | N/A |
|
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.
|
|||||
| CVE-2015-4185 | 1 Cisco | 1 Ios | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.
|
|||||
| CVE-2015-6291 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-contains, every-attachment-contains, attachment-binary-contains, dictionary-match, and attachment-dictionary-match filtering, which allows remote attackers to cause a denial of service (memory consumption) via a crafted attachment in an e-mail message, aka Bug ID CSCuv47151.
|
|||||
| CVE-2013-3068 | 1 Cisco | 2 Linksys Wrt310n Router Firmware, Linksys Wrt350n | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
|
|||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2025-04-12 | 9.3 HIGH | N/A |
|
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
|
|||||
| CVE-2016-6430 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2025-04-12 | 6.6 MEDIUM | 7.8 HIGH |
|
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).
|
|||||
| CVE-2016-1364 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted Bonjour traffic, aka Bug ID CSCur66908.
|
|||||
| CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
|
|||||
| CVE-2015-4262 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-12 | 10.0 HIGH | N/A |
|
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
|
|||||
| CVE-2015-6387 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.
|
|||||
| CVE-2015-6258 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.
|
|||||
| CVE-2014-7997 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2025-04-12 | 6.1 MEDIUM | N/A |
|
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281.
|
|||||
| CVE-2015-0663 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 6.6 MEDIUM | N/A |
|
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
|
|||||
| CVE-2015-4307 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-12 | 9.0 HIGH | N/A |
|
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.
|
|||||
| CVE-2014-3361 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
|
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
|
|||||
| CVE-2016-1351 | 1 Cisco | 2 Ios, Nx-os | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.
|
|||||
| CVE-2016-6410 | 1 Cisco | 1 Ios | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
|
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856.
|
|||||
| CVE-2016-6369 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
|
|||||
| CVE-2015-4254 | 1 Cisco | 1 Telepresence Advanced Media Gateway | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
|
|||||
| CVE-2015-6288 | 1 Cisco | 1 Content Security Management Appliance | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.
|
|||||
| CVE-2015-0725 | 1 Cisco | 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409.
|
|||||
| CVE-2015-6374 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604.
|
|||||
| CVE-2015-0654 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-12 | 7.1 HIGH | N/A |
|
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
|
|||||
| CVE-2015-4297 | 1 Cisco | 1 Webex Node For Mcs | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136.
|
|||||
| CVE-2014-3355 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.
|
|||||
| CVE-2016-6467 | 1 Cisco | 2 Asr 5000, Asr 5000 Series Software | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203.
|
|||||
| CVE-2016-1363 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617.
|
|||||
| CVE-2016-6378 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets that require NAT, aka Bug ID CSCuw85853.
|
|||||
| CVE-2015-0677 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 7.8 HIGH | N/A |
|
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.
|
|||||
| CVE-2014-2145 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
|
|||||
| CVE-2014-3299 | 1 Cisco | 1 Ios | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.
|
|||||
| CVE-2015-6267 | 1 Cisco | 8 Asr 1001, Asr 1001-x, Asr 1002 and 5 more | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.
|
|||||
| CVE-2015-0747 | 1 Cisco | 3 Headend Digital Broadband Delivery System, Headend System Release, Videoscape Conductor | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.
|
|||||
| CVE-2015-4327 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 7.2 HIGH | N/A |
|
The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
|
|||||
| CVE-2014-7992 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.
|
|||||
| CVE-2015-6282 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.
|
|||||
| CVE-2014-3294 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.
|
|||||