Filtered by vendor Cisco
Subscribe
Total
6501 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1342 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | |||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 8.5 HIGH | 8.8 HIGH |
| The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | |||||
| CVE-2014-7999 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | 7.7 HIGH | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. | |||||
| CVE-2016-1305 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | |||||
| CVE-2016-6425 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2014-0746 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | 4.0 MEDIUM | N/A |
| The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. | |||||
| CVE-2016-1423 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. | |||||
| CVE-2016-6428 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | |||||
| CVE-2016-6470 | 1 Cisco | 1 Hybrid Media Service | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0. | |||||
| CVE-2014-3290 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 4.8 MEDIUM | N/A |
| The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | |||||
| CVE-2016-1444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | |||||
| CVE-2016-1295 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. | |||||
| CVE-2015-6333 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-04-12 | 4.6 MEDIUM | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||||
| CVE-2015-6285 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 6.4 MEDIUM | N/A |
| Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | |||||
| CVE-2016-1434 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | |||||
| CVE-2012-5014 | 1 Cisco | 1 Ios | 2025-04-12 | 6.3 MEDIUM | N/A |
| Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436. | |||||
| CVE-2012-4651 | 1 Cisco | 1 Ios | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. | |||||
| CVE-2015-0611 | 1 Cisco | 3 Telepresence Ix5000, Telepresence Ix5200, Telepresence System Software Ix | 2025-04-12 | 6.5 MEDIUM | N/A |
| The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. | |||||
| CVE-2015-4330 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.9 MEDIUM | N/A |
| A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. | |||||