Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2056 | 1 Cisco | 1 Ios Xr | 2025-04-09 | 3.3 LOW | N/A |
|
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
|
|||||
| CVE-2007-1542 | 1 Cisco | 2 7940 Router, 7960 Router | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5582 | 1 Cisco | 1 Ciscoworks Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2007-2463 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.
|
|||||
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unr ...
Show More |
|||||
| CVE-2008-0027 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
|
|||||
| CVE-2008-2636 | 1 Cisco | 1 Linksys Wrh54g Router | 2025-04-09 | 7.8 HIGH | N/A |
|
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page" sequence, and ends with a ".asp" sequence.
|
|||||
| CVE-2007-2586 | 1 Cisco | 1 Ios | 2025-04-09 | 9.3 HIGH | N/A |
|
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
|
|||||
| CVE-2009-2862 | 1 Cisco | 1 Ios | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.
|
|||||
| CVE-2008-3802 | 1 Cisco | 1 Ios | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801.
|
|||||
| CVE-2006-5806 | 1 Cisco | 1 Secure Desktop | 2025-04-09 | 2.1 LOW | N/A |
|
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
|
|||||
| CVE-2009-1163 | 1 Cisco | 1 Physical Access Gateway | 2025-04-09 | 7.8 HIGH | N/A |
|
Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.
|
|||||
| CVE-2009-2864 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
|
|||||
| CVE-2008-1158 | 1 Cisco | 2 Unified Presence, Unified Presence Server | 2025-04-09 | 7.8 HIGH | N/A |
|
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
|
|||||
| CVE-2008-3803 | 1 Cisco | 1 Ios | 2025-04-09 | 5.1 MEDIUM | N/A |
|
A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances.
|
|||||
| CVE-2009-0625 | 1 Cisco | 3 Ace 4710, Application Control Engine Module, Catalyst | 2025-04-09 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
|
|||||
| CVE-2008-1159 | 1 Cisco | 3 Ios S, Ios T, Ios Xr | 2025-04-09 | 7.1 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
|
|||||
| CVE-2008-2165 | 1 Cisco | 1 Building Broadband Service Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||
| CVE-2007-2041 | 1 Cisco | 2 2100 Wireless Lan Controller, 4400 Wireless Lan Controller | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.
|
|||||
| CVE-2007-0479 | 1 Cisco | 1 Ios Transmission Control Protocol | 2025-04-09 | 7.8 HIGH | N/A |
|
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
|
|||||
| CVE-2007-4011 | 1 Cisco | 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
|
|||||
| CVE-2009-2861 | 1 Cisco | 2 Aironet Ap1100, Aironet Ap1200 | 2025-04-09 | 7.3 HIGH | N/A |
|
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.
|
|||||
| CVE-2008-3800 | 1 Cisco | 3 Ios, Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
|
|||||
| CVE-2007-4284 | 1 Cisco | 1 Meetingplace Web Confrencing | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.
|
|||||
| CVE-2008-2733 | 1 Cisco | 2 Adaptive Security Appliance 5500, Pix | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.
|
|||||
| CVE-2008-4543 | 1 Cisco | 1 Unity | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.
|
|||||
| CVE-2009-2877 | 1 Cisco | 1 Webex | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
|
|||||
| CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2025-04-09 | 7.5 HIGH | N/A |
|
Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.
|
|||||
| CVE-2009-2880 | 1 Cisco | 1 Webex | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
|
|||||
| CVE-2007-0648 | 1 Cisco | 1 Ios | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
|
|||||
| CVE-2007-2832 | 1 Cisco | 1 Call Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
|
|||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2007-5548 | 1 Cisco | 1 Ios | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-0199 | 1 Cisco | 1 Ios | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
|
|||||
| CVE-2008-2061 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
|
|||||
| CVE-2008-0532 | 1 Cisco | 3 Acs For Windows, Acs Solution Engine, User Changeable Password | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
|
|||||
| CVE-2008-4444 | 1 Cisco | 2 Unified Ip Phone 7940g, Unified Ip Phone 7960g | 2025-04-09 | 7.1 HIGH | N/A |
|
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
|
|||||
| CVE-2008-0029 | 1 Cisco | 5 Application Velocity System, Application Velocity System 3110, Application Velocity System 3120 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
|
|||||
| CVE-2007-5537 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
|
|||||
| CVE-2009-0629 | 1 Cisco | 2 Ios, Ios Xr | 2025-04-09 | 5.4 MEDIUM | N/A |
|
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) vi ...
Show More |
|||||