Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4098 | 1 Cisco | 1 Nx-os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
|
|||||
| CVE-2013-1118 | 1 Cisco | 1 Webex Recording Format Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645.
|
|||||
| CVE-2011-3305 | 1 Cisco | 2 Nac Appliance, Nac Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
|
|||||
| CVE-2013-1196 | 1 Cisco | 11 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 8 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, C ...
Show More |
|||||
| CVE-2013-1180 | 1 Cisco | 6 Mds 9000, Nexus 7000, Nexus 7000 10-slot and 3 more | 2025-04-11 | 9.0 HIGH | N/A |
|
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822.
|
|||||
| CVE-2010-3039 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
|
|||||
| CVE-2013-1134 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.1 HIGH | N/A |
|
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
|
|||||
| CVE-2012-3055 | 1 Cisco | 1 Webex Recording Format Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953.
|
|||||
| CVE-2013-5501 | 1 Cisco | 1 Mediasense | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.
|
|||||
| CVE-2010-0145 | 1 Cisco | 2 Ironport Encryption Appliance, Ironport Postx | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923.
|
|||||
| CVE-2012-0388 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
|
Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553.
|
|||||
| CVE-2010-4681 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901.
|
|||||
| CVE-2013-5487 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.
|
|||||
| CVE-2011-4007 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 5.4 MEDIUM | N/A |
|
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
|
|||||
| CVE-2011-2072 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.
|
|||||
| CVE-2010-0566 | 1 Cisco | 2 Asa 5500, Pix 500 | 2025-04-11 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.
|
|||||
| CVE-2011-3293 | 1 Cisco | 1 Secure Access Control Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
|
|||||
| CVE-2013-1120 | 1 Cisco | 2 Unity Express, Unity Express Software | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
|
|||||
| CVE-2011-3287 | 1 Cisco | 1 Jabber Extensible Communications Platform | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564.
|
|||||
| CVE-2012-4077 | 1 Cisco | 1 Nx-os | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
|
|||||
| CVE-2010-1562 | 1 Cisco | 1 Pgw 2200 Softswitch | 2025-04-11 | 7.8 HIGH | N/A |
|
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.
|
|||||
| CVE-2014-0670 | 1 Cisco | 1 Mediasense | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.
|
|||||
| CVE-2010-1579 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 16 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922.
|
|||||
| CVE-2013-5533 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-11 | 6.0 MEDIUM | N/A |
|
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.
|
|||||
| CVE-2012-0367 | 1 Cisco | 1 Unity Connection | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899.
|
|||||
| CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
|
|||||
| CVE-2013-6979 | 1 Cisco | 1 Ios Xe | 2025-04-11 | 5.4 MEDIUM | N/A |
|
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
|
|||||
| CVE-2013-5543 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.
|
|||||
| CVE-2012-1314 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
|
The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
|
|||||
| CVE-2012-4103 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.
|
|||||
| CVE-2013-3388 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776.
|
|||||
| CVE-2010-0600 | 1 Cisco | 4 Mediator Framework, Network Building Mediator Nbm-2400, Network Building Mediator Nbm-4800 and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
|
|||||
| CVE-2012-3893 | 1 Cisco | 1 Ios | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
|
|||||
| CVE-2010-0581 | 1 Cisco | 1 Ios | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
|
|||||
| CVE-2010-0585 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
|
|||||
| CVE-2011-0944 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
|
|||||
| CVE-2012-3057 | 1 Cisco | 1 Webex Recording Format Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755.
|
|||||
| CVE-2013-5497 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148.
|
|||||
| CVE-2013-5559 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.
|
|||||
| CVE-2012-0361 | 1 Cisco | 1 Ip Communicator | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315.
|
|||||