Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Ios
Total 608 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0293 1 Cisco 1 Ios 2025-04-03 7.5 HIGH N/A
AAA authentication on Cisco systems allows attackers to execute commands without authorization.
CVE-2002-1359 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2025-04-03 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2003-0647 1 Cisco 1 Ios 2025-04-03 7.5 HIGH N/A
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
CVE-2000-0368 1 Cisco 1 Ios 2025-04-03 2.1 LOW N/A
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
CVE-2006-4775 1 Cisco 2 Catos, Ios 2025-04-03 7.8 HIGH N/A
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
CVE-2002-1706 1 Cisco 3 Ios, Ubr7100, Ubr7200 2025-04-03 5.0 MEDIUM 7.5 HIGH
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
CVE-2001-1434 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
CVE-2001-0750 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
CVE-2004-1111 1 Cisco 10 7200 Router, 7300 Router, 7500 Router and 7 more 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
CVE-2005-4258 1 Cisco 71 Catalyst, Catalyst 1200 Series, Catalyst 1900 Series and 68 more 2025-04-03 7.8 HIGH N/A
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
CVE-2006-4650 1 Cisco 1 Ios 2025-04-03 2.6 LOW N/A
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
CVE-2003-0511 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL.
CVE-1999-1129 1 Cisco 2 Catalyst 2900 Vlan, Ios 2025-04-03 7.5 HIGH N/A
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
CVE-2005-4826 1 Cisco 1 Ios 2025-04-03 6.1 MEDIUM N/A
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.
CVE-2005-3481 1 Cisco 1 Ios 2025-04-03 9.3 HIGH N/A
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
CVE-2003-0567 1 Cisco 3 Ios, Ons 15454 Optical Transport Platform, Optical Networking Systems Software 2025-04-03 7.8 HIGH N/A
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full.
CVE-2005-1021 1 Cisco 1 Ios 2025-04-03 7.1 HIGH N/A
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
CVE-2002-1360 7 Cisco, Fissh, Intersoft and 4 more 7 Ios, Ssh Client, Securenetterm and 4 more 2025-04-03 10.0 HIGH N/A
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2025-04-03 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2002-0339 1 Cisco 1 Ios 2025-04-03 5.0 MEDIUM N/A
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.