VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,227 total · sorted by risk
  • CVE-2024-20301Mar 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted…

  • CVE-2024-20328Mar 1, 2024
    risk 0.00cvss epss 0.85

    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by…

  • CVE-2024-20294Feb 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper…

  • CVE-2024-20344Feb 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected…

  • CVE-2024-20267Feb 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability…

  • CVE-2024-20321Feb 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped…

  • CVE-2024-20325Feb 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access…

  • CVE-2024-24091Feb 8, 2024
    risk 0.00cvss epss 0.01

    Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.

  • CVE-2023-20057NonJan 20, 2023
    risk 0.00cvss 0.0epss 0.01

    A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of…

  • CVE-2018-0429HigAug 9, 2018
    risk 0.00cvss 7.8epss 0.01

    Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream.

  • CVE-2015-6429Dec 19, 2015
    risk 0.00cvss epss 0.02

    The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.

  • CVE-2015-6428Dec 18, 2015
    risk 0.00cvss epss 0.02

    Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.

  • CVE-2015-6427Dec 18, 2015
    risk 0.00cvss epss 0.02

    Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.

  • CVE-2015-6426Dec 18, 2015
    risk 0.00cvss epss 0.00

    Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.

  • CVE-2015-6424Dec 18, 2015
    risk 0.00cvss epss 0.00

    The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.

  • CVE-2015-6425Dec 16, 2015
    risk 0.00cvss epss 0.02

    The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

  • CVE-2015-6411Dec 15, 2015
    risk 0.00cvss epss 0.01

    Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.

  • CVE-2015-6404Dec 15, 2015
    risk 0.00cvss epss 0.01

    Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

  • CVE-2015-6403Dec 15, 2015
    risk 0.00cvss epss 0.00

    The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

  • CVE-2015-6399Dec 15, 2015
    risk 0.00cvss epss 0.02

    The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286.

  • CVE-2015-6359Dec 15, 2015
    risk 0.00cvss epss 0.01

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug…

  • CVE-2015-4206Dec 15, 2015
    risk 0.00cvss epss 0.02

    Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

  • CVE-2015-6422Dec 14, 2015
    risk 0.00cvss epss 0.02

    The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.

  • CVE-2015-6416Dec 14, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.

  • CVE-2015-6410Dec 14, 2015
    risk 0.00cvss epss 0.02

    The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.

  • CVE-2015-6378Dec 14, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943.

  • CVE-2015-6418Dec 13, 2015
    risk 0.00cvss epss 0.02

    The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug…

  • CVE-2015-6414Dec 13, 2015
    risk 0.00cvss epss 0.00

    Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka…

  • CVE-2015-6413Dec 13, 2015
    risk 0.00cvss epss 0.02

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.

  • CVE-2015-6407Dec 13, 2015
    risk 0.00cvss epss 0.02

    Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.

  • CVE-2015-6406Dec 13, 2015
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.

  • CVE-2015-6405Dec 13, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.

  • CVE-2015-6400Dec 13, 2015
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.

  • CVE-2015-6389Dec 13, 2015
    risk 0.00cvss epss 0.03

    Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707.

  • CVE-2015-6361Dec 13, 2015
    risk 0.00cvss epss 0.01

    The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw86170.

  • CVE-2015-6419Dec 12, 2015
    risk 0.00cvss epss 0.01

    Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.

  • CVE-2015-6415Dec 12, 2015
    risk 0.00cvss epss 0.02

    Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757.

  • CVE-2015-6408Dec 12, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.

  • CVE-2015-6417Dec 12, 2015
    risk 0.00cvss epss 0.01

    Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.

  • CVE-2015-6395Dec 12, 2015
    risk 0.00cvss epss 0.02

    Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.

  • CVE-2015-6394Dec 5, 2015
    risk 0.00cvss epss 0.00

    The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408.

  • CVE-2015-6391Dec 5, 2015
    risk 0.00cvss epss 0.02

    Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331.

  • CVE-2015-6388Dec 5, 2015
    risk 0.00cvss epss 0.02

    Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575.

  • CVE-2015-6387Dec 5, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.

  • CVE-2015-6384Dec 5, 2015
    risk 0.00cvss epss 0.02

    The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442.

  • CVE-2015-6390Dec 3, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.

  • CVE-2015-6383Dec 3, 2015
    risk 0.00cvss epss 0.00

    Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.

  • CVE-2015-6386Dec 1, 2015
    risk 0.00cvss epss 0.02

    The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions in which the control connection is ended after data transfer, aka Bug ID…

  • CVE-2015-6385Dec 1, 2015
    risk 0.00cvss epss 0.00

    The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID…

  • CVE-2015-6382Nov 26, 2015
    risk 0.00cvss epss 0.02

    Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815.

Page 100 of 145