Filtered by vendor Cisco
Subscribe
Total
5838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8000 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2017-09-07 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | |||||
| CVE-2014-7997 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2017-09-07 | 6.1 MEDIUM | N/A |
| The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | |||||
| CVE-2014-7996 | 1 Cisco | 1 Unified Computing System | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. | |||||
| CVE-2014-7992 | 1 Cisco | 1 Ios | 2017-09-07 | 5.0 MEDIUM | N/A |
| The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | |||||
| CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2017-09-07 | 4.3 MEDIUM | N/A |
| The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | |||||
| CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | |||||
| CVE-2014-7989 | 1 Cisco | 8 B200 M3, B200 M4, B22 M3 and 5 more | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | |||||
| CVE-2014-7988 | 1 Cisco | 1 Unity Connection | 2017-09-07 | 4.0 MEDIUM | N/A |
| The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. | |||||
| CVE-2014-8005 | 1 Cisco | 1 Ios Xr | 2017-09-07 | 5.0 MEDIUM | N/A |
| Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | |||||
| CVE-2014-7998 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2017-09-07 | 7.1 HIGH | N/A |
| Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | |||||
| CVE-2016-6435 | 1 Cisco | 1 Firepower Management Center | 2017-09-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||||
| CVE-2016-6434 | 1 Cisco | 1 Firepower Management Center | 2017-09-02 | 4.6 MEDIUM | 7.8 HIGH |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||||
| CVE-2016-1464 | 1 Cisco | 1 Webex Wrf Player T29 | 2017-09-02 | 9.3 HIGH | 7.8 HIGH |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||||
| CVE-2016-1415 | 1 Cisco | 1 Webex Wrf Player T29 | 2017-09-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. | |||||
| CVE-2016-1370 | 1 Cisco | 2 Network Analysis Module, Network Analysis Module Software | 2017-09-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324. | |||||
| CVE-2015-6289 | 1 Cisco | 4 Integrated Services Router 800, Integrated Services Router 819, Integrated Services Router 829 and 1 more | 2017-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | |||||
| CVE-2016-1465 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2017-08-31 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985. | |||||
| CVE-2016-1463 | 1 Cisco | 1 Firesight System Software | 2017-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | |||||
| CVE-2016-1462 | 1 Cisco | 1 Prime Service Catalog | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795. | |||||
| CVE-2016-1460 | 1 Cisco | 1 Wireless Lan Controller Software | 2017-08-31 | 6.1 MEDIUM | 6.5 MEDIUM |
| Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. | |||||