VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,226 total · sorted by risk
  • CVE-2015-6328Oct 13, 2015
    risk 0.00cvss epss 0.02

    The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.

  • CVE-2015-6315Oct 13, 2015
    risk 0.00cvss epss 0.00

    Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694.

  • CVE-2015-6331Oct 12, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887.

  • CVE-2015-6329Oct 12, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074.

  • CVE-2015-6322Oct 12, 2015
    risk 0.00cvss epss 0.00

    The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

  • CVE-2015-6318Oct 12, 2015
    risk 0.00cvss epss 0.00

    Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969.

  • CVE-2015-4325Oct 12, 2015
    risk 0.00cvss epss 0.00

    The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID…

  • CVE-2015-4265Oct 12, 2015
    risk 0.00cvss epss 0.00

    Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

  • CVE-2015-6263Oct 12, 2015
    risk 0.00cvss epss 0.01

    The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324.

  • CVE-2015-6311Oct 8, 2015
    risk 0.00cvss epss 0.01

    Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.

  • CVE-2015-6310Oct 8, 2015
    risk 0.00cvss epss 0.02

    The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.

  • CVE-2015-7600Oct 6, 2015
    risk 0.00cvss epss 0.01

    Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

  • CVE-2015-6309Oct 2, 2015
    risk 0.00cvss epss 0.02

    Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, aka Bug ID CSCuw32211.

  • CVE-2015-6308Oct 2, 2015
    risk 0.00cvss epss 0.02

    Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684.

  • CVE-2015-6307Sep 28, 2015
    risk 0.00cvss epss 0.01

    Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.

  • CVE-2015-6280Sep 28, 2015
    risk 0.00cvss epss 0.04

    The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication,…

  • CVE-2015-6279Sep 28, 2015
    risk 0.00cvss epss 0.03

    The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and…

  • CVE-2015-6278Sep 28, 2015
    risk 0.00cvss epss 0.03

    The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and…

  • CVE-2015-6302Sep 26, 2015
    risk 0.00cvss epss 0.02

    The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419.

  • CVE-2015-6282Sep 26, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933.

  • CVE-2015-6304Sep 24, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760.

  • CVE-2015-6303Sep 24, 2015
    risk 0.00cvss epss 0.01

    The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and…

  • CVE-2015-6301Sep 20, 2015
    risk 0.00cvss epss 0.02

    The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171.

  • CVE-2015-6300Sep 20, 2015
    risk 0.00cvss epss 0.02

    Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.

  • CVE-2015-6299Sep 20, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.

  • CVE-2015-6295Sep 20, 2015
    risk 0.00cvss epss 0.01

    Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID…

  • CVE-2015-6284Sep 20, 2015
    risk 0.00cvss epss 0.02

    Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a…

  • CVE-2015-4307Sep 20, 2015
    risk 0.00cvss epss 0.03

    The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111.

  • CVE-2015-4306Sep 20, 2015
    risk 0.00cvss epss 0.02

    The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a…

  • CVE-2015-4305Sep 20, 2015
    risk 0.00cvss epss 0.02

    The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID…

  • CVE-2015-4304Sep 20, 2015
    risk 0.00cvss epss 0.03

    The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and…

  • CVE-2015-6297Sep 18, 2015
    risk 0.00cvss epss 0.02

    The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525.

  • CVE-2015-6296Sep 18, 2015
    risk 0.00cvss epss 0.00

    Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825.

  • CVE-2015-6294Sep 18, 2015
    risk 0.00cvss epss 0.01

    Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770.

  • CVE-2015-6290Sep 14, 2015
    risk 0.00cvss epss 0.01

    Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.

  • CVE-2015-6288Sep 14, 2015
    risk 0.00cvss epss 0.02

    Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620.

  • CVE-2015-6287Sep 14, 2015
    risk 0.00cvss epss 0.02

    Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907.

  • CVE-2015-6286Sep 14, 2015
    risk 0.00cvss epss 0.01

    Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016.

  • CVE-2015-6285Sep 14, 2015
    risk 0.00cvss epss 0.01

    Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

  • CVE-2015-6276Sep 5, 2015
    risk 0.00cvss epss 0.01

    Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificate…

  • CVE-2015-6259Sep 4, 2015
    risk 0.00cvss epss 0.03

    The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka…

  • CVE-2015-6277Sep 2, 2015
    risk 0.00cvss epss 0.01

    The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices…

  • CVE-2015-6274Sep 2, 2015
    risk 0.00cvss epss 0.02

    The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

  • CVE-2015-4330Sep 2, 2015
    risk 0.00cvss epss 0.01

    A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

  • CVE-2015-6272Aug 31, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064.

  • CVE-2015-6271Aug 31, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008.

  • CVE-2015-6270Aug 31, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.

  • CVE-2015-6269Aug 31, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.

  • CVE-2015-6273Aug 29, 2015
    risk 0.00cvss epss 0.02

    Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka…

  • CVE-2015-6268Aug 29, 2015
    risk 0.00cvss epss 0.01

    Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

Page 102 of 145