Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cisco Subscribe
Total 5838 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0593 1 Cisco 1 Ios 2017-09-07 7.1 HIGH N/A
The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003.
CVE-2015-0592 1 Cisco 1 Ios 2017-09-07 7.8 HIGH N/A
The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672.
CVE-2015-0611 1 Cisco 3 Telepresence Ix5000, Telepresence Ix5200, Telepresence System Software Ix 2017-09-07 6.5 MEDIUM N/A
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174.
CVE-2015-0610 1 Cisco 1 Ios 2017-09-07 4.3 MEDIUM N/A
Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071.
CVE-2015-0609 1 Cisco 1 Ios 2017-09-07 7.1 HIGH N/A
Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.
CVE-2014-8036 1 Cisco 1 Webex Meetings Server 2017-09-07 5.0 MEDIUM N/A
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.
CVE-2014-8035 1 Cisco 1 Webex Meetings Server 2017-09-07 5.0 MEDIUM N/A
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.
CVE-2014-8034 1 Cisco 1 Webex Meetings Server 2017-09-07 5.0 MEDIUM N/A
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.
CVE-2014-8033 1 Cisco 1 Webex Meetings Server 2017-09-07 5.0 MEDIUM N/A
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
CVE-2014-8032 1 Cisco 1 Webex Meetings Server 2017-09-07 4.0 MEDIUM N/A
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
CVE-2014-8031 1 Cisco 1 Webex Meetings Server 2017-09-07 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.
CVE-2014-8030 1 Cisco 1 Webex Meetings Server 2017-09-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.
CVE-2014-8029 1 Cisco 1 Secure Access Control System 2017-09-07 5.8 MEDIUM N/A
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.
CVE-2014-8028 1 Cisco 1 Secure Access Control System 2017-09-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.
CVE-2014-8027 1 Cisco 1 Secure Access Control System 2017-09-07 6.5 MEDIUM N/A
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
CVE-2014-8023 1 Cisco 1 Adaptive Security Appliance Software 2017-09-07 4.0 MEDIUM N/A
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.
CVE-2014-8022 1 Cisco 1 Identity Services Engine Software 2017-09-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
CVE-2014-8021 1 Cisco 2 Anyconnect Secure Mobility Client, Hostscan Engine 2017-09-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
CVE-2014-8020 1 Cisco 1 Unified Communications Domain Manager 2017-09-07 5.0 MEDIUM N/A
Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.
CVE-2014-8004 1 Cisco 1 Ios Xr 2017-09-07 5.0 MEDIUM N/A
Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378.