Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.
|
|||||
| CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Land IP denial of service.
|
|||||
| CVE-2002-2315 | 1 Cisco | 1 Ios | 2025-04-03 | 7.8 HIGH | N/A |
|
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
|
|||||
| CVE-2005-0597 | 1 Cisco | 1 Application And Content Networking Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection."
|
|||||
| CVE-2000-0486 | 1 Cisco | 2 Ios, Tacacs\+ | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.
|
|||||
| CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
|
|||||
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
|
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
|
|||||
| CVE-2000-1054 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
|
|||||
| CVE-2002-1096 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
|
|||||
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
|
|||||
| CVE-2004-0044 | 1 Cisco | 1 Personal Assistant | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
|
|||||
| CVE-2001-0867 | 1 Cisco | 1 12000 Router | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
|
|||||
| CVE-2006-4194 | 1 Cisco | 8 Pix Firewall 501, Pix Firewall 506, Pix Firewall 515 and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue
|
|||||
| CVE-2006-0486 | 1 Cisco | 1 Ios | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
|
|||||
| CVE-2004-1459 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
|
|||||
| CVE-2005-4825 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-03 | 5.7 MEDIUM | N/A |
|
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332.
|
|||||
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2025-04-03 | 10.0 HIGH | N/A |
|
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.
|
|||||
| CVE-2002-2052 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, allows remote attackers to cause a denial of service via port scans such as (1) scanning all ports on a single host and (2) scanning a network of hosts for a single open port through the router. NOTE: the vendor could not reproduce this issue, saying that the original reporter was using an interim release of the software.
|
|||||
| CVE-2002-0952 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
|
|||||
| CVE-2005-2181 | 1 Cisco | 4 Ip Phone 7940, Ip Phone 7940 Firmware, Ip Phone 7960 and 1 more | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
|
|||||
| CVE-2001-0895 | 1 Cisco | 11 Catalyst 2900xl, Catalyst 2948g-l3, Catalyst 2950 and 8 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
|
|||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
|
|||||
| CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password.
|
|||||
| CVE-1999-1126 | 1 Cisco | 1 Resource Manager | 2025-04-03 | 2.1 LOW | N/A |
|
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
|
|||||
| CVE-2003-0567 | 1 Cisco | 3 Ios, Ons 15454 Optical Transport Platform, Optical Networking Systems Software | 2025-04-03 | 7.8 HIGH | N/A |
|
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
|
|||||
| CVE-2005-3788 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-03 | 5.4 MEDIUM | N/A |
|
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."
|
|||||
| CVE-2002-0792 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.
|
|||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
|
|||||
| CVE-2004-1434 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
|
|||||
| CVE-2005-2841 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
|
|||||
| CVE-2002-1105 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
|
|||||
| CVE-2002-1092 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
|
|||||
| CVE-2001-0428 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
|
|||||
| CVE-1999-1100 | 1 Cisco | 1 Pix Private Link | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
|
|||||
| CVE-2002-1595 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.
|
|||||
| CVE-2003-0260 | 1 Cisco | 6 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3015 Concentrator and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.
|
|||||
| CVE-2005-1517 | 1 Cisco | 1 Firewall Services Module | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
|
|||||
| CVE-2005-3427 | 1 Cisco | 1 Ciscoworks Management Center For Ips Sensors | 2025-04-03 | 2.1 LOW | N/A |
|
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection.
|
|||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
|
|||||
| CVE-2001-0041 | 1 Cisco | 1 Catos | 2025-04-03 | 7.8 HIGH | N/A |
|
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
|
|||||