Filtered by vendor Cisco
Subscribe
Total
6229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1471 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232. | |||||
| CVE-2016-6385 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. | |||||
| CVE-2015-6370 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 7.2 HIGH | N/A |
| The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | |||||
| CVE-2016-6377 | 1 Cisco | 1 Media Origination System Suite | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | |||||
| CVE-2015-0578 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.7 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. | |||||
| CVE-2014-3266 | 1 Cisco | 1 Security Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | |||||
| CVE-2016-1486 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047. | |||||
| CVE-2015-6411 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061. | |||||
| CVE-2014-3278 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572. | |||||
| CVE-2015-0716 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | |||||
| CVE-2015-4322 | 1 Cisco | 1 Content Security Management Appliance | 2025-04-12 | 5.5 MEDIUM | N/A |
| Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | |||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2025-04-12 | 7.8 HIGH | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | |||||
| CVE-2016-1402 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | |||||
| CVE-2015-0647 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | |||||
| CVE-2016-6467 | 1 Cisco | 2 Asr 5000, Asr 5000 Series Software | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. | |||||
| CVE-2014-2174 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 8.3 HIGH | N/A |
| Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. | |||||
| CVE-2015-6391 | 1 Cisco | 1 Unified Sip Phone 3900 Firmware | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. | |||||
| CVE-2015-4217 | 1 Cisco | 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. | |||||
| CVE-2014-3406 | 1 Cisco | 1 Intrusion Prevention System | 2025-04-12 | 7.1 HIGH | N/A |
| Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID CSCud82085. | |||||
| CVE-2014-2183 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2025-04-12 | 6.3 MEDIUM | N/A |
| The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | |||||