Filtered by vendor Cisco
Subscribe
Total
6501 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 8.0 HIGH | 6.5 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||||
| CVE-2015-6362 | 1 Cisco | 1 Connected Grid Network Management System | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | |||||
| CVE-2014-2197 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2025-04-12 | 9.0 HIGH | N/A |
| The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. | |||||
| CVE-2015-0649 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | |||||
| CVE-2014-3286 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
| CVE-2014-0694 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
| Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818. | |||||
| CVE-2015-0648 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | |||||
| CVE-2015-0616 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | |||||
| CVE-2016-1359 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. | |||||
| CVE-2015-6337 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | |||||
| CVE-2015-4305 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | |||||
| CVE-2014-8004 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | |||||
| CVE-2014-8028 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | |||||
| CVE-2015-4209 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | 6.4 MEDIUM | N/A |
| Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. | |||||
| CVE-2024-20334 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-11 | N/A | 5.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-20347 | 1 Cisco | 1 Emergency Responder | 2025-04-11 | N/A | 4.3 MEDIUM |
| A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. | |||||
| CVE-2024-20302 | 1 Cisco | 1 Nexus Dashboard Orchestrator | 2025-04-11 | N/A | 5.4 MEDIUM |
| A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic. | |||||
| CVE-2024-20360 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-11 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. | |||||
| CVE-2012-0338 | 1 Cisco | 1 Ios | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. | |||||