VYPR

Cisco iOS

by Cisco Systems, Inc.

CVEs (817)

  • CVE-2025-43532LowDec 12, 2025
    risk 0.18cvss 2.8epss 0.00

    A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing malicious data…

  • CVE-2025-43365LowNov 4, 2025
    risk 0.18cvss 2.8epss 0.00

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.

  • CVE-2025-43349LowSep 15, 2025
    risk 0.18cvss 2.8epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted video file…

  • CVE-2025-31216LowNov 21, 2025
    risk 0.16cvss 2.4epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.

  • CVE-2025-43309LowNov 4, 2025
    risk 0.16cvss 2.4epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

  • CVE-2025-43423LowNov 4, 2025
    risk 0.13cvss 2.0epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able…

  • CVE-2026-20700KEVFeb 11, 2026
    risk 0.12cvss epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a…

  • CVE-1999-0016Dec 1, 1997
    risk 0.11cvss epss 0.96

    Land IP denial of service.

  • CVE-2002-1359Dec 23, 2002
    risk 0.09cvss epss 0.80

    Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.

  • CVE-2001-0537Jul 21, 2001
    risk 0.08cvss epss 0.68

    HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

  • CVE-2000-0380Apr 26, 2000
    risk 0.06cvss epss 0.35

    The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

  • CVE-2014-7992Nov 18, 2014
    risk 0.05cvss epss 0.27

    The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014.

  • CVE-2007-4286Aug 9, 2007
    risk 0.05cvss epss 0.19

    Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

  • CVE-2009-1220Apr 1, 2009
    risk 0.04cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows…

  • CVE-2008-4128Sep 18, 2008
    risk 0.04cvss epss 0.12

    Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI,…

  • CVE-2007-5381Oct 12, 2007
    risk 0.04cvss epss 0.15

    Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allow remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated…

  • CVE-2007-4430Aug 20, 2007
    risk 0.04cvss epss 0.13

    Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are…

  • CVE-2007-2586May 10, 2007
    risk 0.04cvss epss 0.14

    The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY…

  • CVE-2006-0354Jan 22, 2006
    risk 0.04cvss epss 0.10

    Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets,…

  • CVE-2005-2841Sep 8, 2005
    risk 0.04cvss epss 0.14

    Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication…

Page 19 of 41