Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0660 | 1 Cisco | 1 Telepresence Server Software | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
|
|||||
| CVE-2015-4315 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
|
|||||
| CVE-2014-0706 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.
|
|||||
| CVE-2015-6386 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID CSCut94150.
|
|||||
| CVE-2016-6361 | 1 Cisco | 1 Aironet Access Point Software | 2025-04-12 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.
|
|||||
| CVE-2014-7995 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.
|
|||||
| CVE-2015-0741 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.
|
|||||
| CVE-2014-8007 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
|
|||||
| CVE-2015-4252 | 1 Cisco | 1 Telepresence Isdn Gw 3241 | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724.
|
|||||
| CVE-2014-2177 | 1 Cisco | 7 Rv120w, Rv120w Firmware, Rv180 and 4 more | 2025-04-12 | 9.0 HIGH | N/A |
|
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
|
|||||
| CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
|
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.
|
|||||
| CVE-2015-6384 | 1 Cisco | 1 Webex Meetings | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442.
|
|||||
| CVE-2015-6289 | 1 Cisco | 4 800 Integrated Services Router, 819 Integrated Services Router, 829 Integrated Services Router and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
|
|||||
| CVE-2015-4270 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702.
|
|||||
| CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
|
|||||
| CVE-2014-2147 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444.
|
|||||
| CVE-2016-9214 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
|
|||||
| CVE-2016-1320 | 1 Cisco | 1 Prime Collaboration | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
|
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
|
|||||
| CVE-2015-4235 | 1 Cisco | 2 Application Policy Infrastructure Controller \(apic\), Nx-os | 2025-04-12 | 9.0 HIGH | N/A |
|
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
|
|||||
| CVE-2014-2156 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2025-04-12 | 7.1 HIGH | N/A |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.
|
|||||
| CVE-2015-0658 | 1 Cisco | 35 Nexus 3016, Nexus 3048, Nexus 3064 and 32 more | 2025-04-12 | 7.9 HIGH | N/A |
|
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
|
|||||
| CVE-2015-6399 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.
|
|||||
| CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
|
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
|
|||||
| CVE-2016-9205 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known Affected Releases: 6.1.1.BASE. Known Fixed Releases: 6.1.2.6i.MGBL 6.1.22.9i.MGBL 6.2.1.14i.MGBL.
|
|||||
| CVE-2014-2165 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.
|
|||||
| CVE-2014-3348 | 1 Cisco | 8 Integrated Management Controller, Unified Computing System E140d, Unified Computing System E140dp and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.
|
|||||
| CVE-2016-6453 | 1 Cisco | 1 Identity Services Engine | 2025-04-12 | 4.9 MEDIUM | 7.3 HIGH |
|
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).
|
|||||
| CVE-2015-0664 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
|
|||||
| CVE-2016-1471 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.
|
|||||
| CVE-2016-1408 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
|
|||||
| CVE-2015-6341 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610.
|
|||||
| CVE-2014-3283 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.
|
|||||
| CVE-2014-3407 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.
|
|||||
| CVE-2015-6377 | 1 Cisco | 1 Virtual Topology System | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379.
|
|||||
| CVE-2016-6458 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is con ...
Show More |
|||||
| CVE-2015-6353 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.
|
|||||
| CVE-2016-6370 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
|
|||||
| CVE-2012-5427 | 1 Cisco | 1 Ios | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
|
|||||
| CVE-2015-6319 | 2 Cisco, Sun | 23 Rv016 Multi-wan Vpn Router, Rv042 Dual Wan Vpn Router, Rv042g Dual Gigabit Wan Vpn Router and 20 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
|
|||||
| CVE-2015-6368 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.
|
|||||