Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,228 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3389 | 0.00 | — | 0.03 | Oct 10, 2014 | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a… | |||
| CVE-2014-3388 | 0.00 | — | 0.01 | Oct 10, 2014 | The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327. | |||
| CVE-2014-3387 | 0.00 | — | 0.01 | Oct 10, 2014 | The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to… | |||
| CVE-2014-3386 | 0.00 | — | 0.02 | Oct 10, 2014 | The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of… | |||
| CVE-2014-3385 | 0.00 | — | 0.01 | Oct 10, 2014 | Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers… | |||
| CVE-2014-3384 | 0.00 | — | 0.02 | Oct 10, 2014 | The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID… | |||
| CVE-2014-3383 | 0.00 | — | 0.01 | Oct 10, 2014 | The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. | |||
| CVE-2014-3382 | 0.00 | — | 0.01 | Oct 10, 2014 | The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to… | |||
| CVE-2014-3405 | 0.00 | — | 0.01 | Oct 10, 2014 | Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL… | |||
| CVE-2014-3404 | 0.00 | — | 0.01 | Oct 10, 2014 | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. | |||
| CVE-2014-3403 | 0.00 | — | 0.01 | Oct 10, 2014 | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. | |||
| CVE-2014-3399 | 0.00 | — | 0.01 | Oct 7, 2014 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject… | |||
| CVE-2014-3400 | 0.00 | — | 0.01 | Oct 5, 2014 | Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. | |||
| CVE-2014-3398 | 0.00 | — | 0.02 | Oct 5, 2014 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. | |||
| CVE-2014-3396 | 0.00 | — | 0.01 | Oct 5, 2014 | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | |||
| CVE-2014-3395 | 0.00 | — | 0.02 | Sep 30, 2014 | Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. | |||
| CVE-2013-3068 | 0.00 | — | 0.01 | Sep 29, 2014 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | |||
| CVE-2014-3361 | 0.00 | — | 0.02 | Sep 25, 2014 | The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. | |||
| CVE-2014-3360 | 0.00 | — | 0.03 | Sep 25, 2014 | Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP… | |||
| CVE-2014-3359 | 0.00 | — | 0.03 | Sep 25, 2014 | Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed… | |||
| CVE-2014-3358 | 0.00 | — | 0.03 | Sep 25, 2014 | Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload)… | |||
| CVE-2014-3357 | 0.00 | — | 0.03 | Sep 25, 2014 | Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866. | |||
| CVE-2014-3356 | 0.00 | — | 0.03 | Sep 25, 2014 | The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID… | |||
| CVE-2014-3355 | 0.00 | — | 0.03 | Sep 25, 2014 | The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID… | |||
| CVE-2014-3354 | 0.00 | — | 0.03 | Sep 25, 2014 | Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload)… | |||
| CVE-2014-3380 | 0.00 | — | 0.03 | Sep 24, 2014 | Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. | |||
| CVE-2014-3379 | 0.00 | — | 0.01 | Sep 20, 2014 | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466. | |||
| CVE-2014-3378 | 0.00 | — | 0.02 | Sep 20, 2014 | tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||
| CVE-2014-3377 | 0.00 | — | 0.01 | Sep 20, 2014 | snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||
| CVE-2014-3376 | 0.00 | — | 0.02 | Sep 20, 2014 | Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||
| CVE-2014-3367 | 0.00 | — | 0.01 | Sep 20, 2014 | Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. | |||
| CVE-2014-3363 | 0.00 | — | 0.02 | Sep 12, 2014 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | |||
| CVE-2014-3362 | 0.00 | — | 0.03 | Sep 12, 2014 | Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. | |||
| CVE-2014-3342 | 0.00 | — | 0.01 | Sep 12, 2014 | The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. | |||
| CVE-2014-5868 | 0.00 | — | 0.00 | Sep 11, 2014 | The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2014-3348 | 0.00 | — | 0.03 | Sep 10, 2014 | The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. | |||
| CVE-2014-3343 | 0.00 | — | 0.02 | Sep 10, 2014 | Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | |||
| CVE-2014-3353 | 0.00 | — | 0.03 | Sep 4, 2014 | Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. | |||
| CVE-2014-3352 | 0.00 | — | 0.03 | Aug 30, 2014 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame… | |||
| CVE-2014-3351 | 0.00 | — | 0.03 | Aug 29, 2014 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380. | |||
| CVE-2014-3350 | 0.00 | — | 0.02 | Aug 29, 2014 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. | |||
| CVE-2014-3349 | 0.00 | — | 0.02 | Aug 29, 2014 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | |||
| CVE-2014-3346 | 0.00 | — | 0.02 | Aug 29, 2014 | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug… | |||
| CVE-2014-3347 | 0.00 | — | 0.01 | Aug 28, 2014 | Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection,… | |||
| CVE-2014-3345 | 0.00 | — | 0.02 | Aug 28, 2014 | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID… | |||
| CVE-2014-3344 | 0.00 | — | 0.02 | Aug 28, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug… | |||
| CVE-2014-3335 | 0.00 | — | 0.01 | Aug 26, 2014 | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750. | |||
| CVE-2014-3340 | 0.00 | — | 0.02 | Aug 20, 2014 | Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. | |||
| CVE-2014-3331 | 0.00 | — | 0.02 | Aug 20, 2014 | The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID… | |||
| CVE-2014-3341 | 0.00 | — | 0.05 | Aug 19, 2014 | The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. |
- CVE-2014-3389Oct 10, 2014risk 0.00cvss —epss 0.03
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a…
- CVE-2014-3388Oct 10, 2014risk 0.00cvss —epss 0.01
The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.
- CVE-2014-3387Oct 10, 2014risk 0.00cvss —epss 0.01
The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to…
- CVE-2014-3386Oct 10, 2014risk 0.00cvss —epss 0.02
The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of…
- CVE-2014-3385Oct 10, 2014risk 0.00cvss —epss 0.01
Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers…
- CVE-2014-3384Oct 10, 2014risk 0.00cvss —epss 0.02
The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID…
- CVE-2014-3383Oct 10, 2014risk 0.00cvss —epss 0.01
The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.
- CVE-2014-3382Oct 10, 2014risk 0.00cvss —epss 0.01
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to…
- CVE-2014-3405Oct 10, 2014risk 0.00cvss —epss 0.01
Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL…
- CVE-2014-3404Oct 10, 2014risk 0.00cvss —epss 0.01
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
- CVE-2014-3403Oct 10, 2014risk 0.00cvss —epss 0.01
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
- CVE-2014-3399Oct 7, 2014risk 0.00cvss —epss 0.01
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject…
- CVE-2014-3400Oct 5, 2014risk 0.00cvss —epss 0.01
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
- CVE-2014-3398Oct 5, 2014risk 0.00cvss —epss 0.02
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
- CVE-2014-3396Oct 5, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133.
- CVE-2014-3395Sep 30, 2014risk 0.00cvss —epss 0.02
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.
- CVE-2013-3068Sep 29, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
- CVE-2014-3361Sep 25, 2014risk 0.00cvss —epss 0.02
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
- CVE-2014-3360Sep 25, 2014risk 0.00cvss —epss 0.03
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP…
- CVE-2014-3359Sep 25, 2014risk 0.00cvss —epss 0.03
Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed…
- CVE-2014-3358Sep 25, 2014risk 0.00cvss —epss 0.03
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload)…
- CVE-2014-3357Sep 25, 2014risk 0.00cvss —epss 0.03
Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.
- CVE-2014-3356Sep 25, 2014risk 0.00cvss —epss 0.03
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID…
- CVE-2014-3355Sep 25, 2014risk 0.00cvss —epss 0.03
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID…
- CVE-2014-3354Sep 25, 2014risk 0.00cvss —epss 0.03
Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload)…
- CVE-2014-3380Sep 24, 2014risk 0.00cvss —epss 0.03
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063.
- CVE-2014-3379Sep 20, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.
- CVE-2014-3378Sep 20, 2014risk 0.00cvss —epss 0.02
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
- CVE-2014-3377Sep 20, 2014risk 0.00cvss —epss 0.01
snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.
- CVE-2014-3376Sep 20, 2014risk 0.00cvss —epss 0.02
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
- CVE-2014-3367Sep 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.
- CVE-2014-3363Sep 12, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
- CVE-2014-3362Sep 12, 2014risk 0.00cvss —epss 0.03
Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677.
- CVE-2014-3342Sep 12, 2014risk 0.00cvss —epss 0.01
The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.
- CVE-2014-5868Sep 11, 2014risk 0.00cvss —epss 0.00
The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2014-3348Sep 10, 2014risk 0.00cvss —epss 0.03
The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.
- CVE-2014-3343Sep 10, 2014risk 0.00cvss —epss 0.02
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
- CVE-2014-3353Sep 4, 2014risk 0.00cvss —epss 0.03
Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165.
- CVE-2014-3352Aug 30, 2014risk 0.00cvss —epss 0.03
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame…
- CVE-2014-3351Aug 29, 2014risk 0.00cvss —epss 0.03
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380.
- CVE-2014-3350Aug 29, 2014risk 0.00cvss —epss 0.02
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.
- CVE-2014-3349Aug 29, 2014risk 0.00cvss —epss 0.02
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.
- CVE-2014-3346Aug 29, 2014risk 0.00cvss —epss 0.02
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug…
- CVE-2014-3347Aug 28, 2014risk 0.00cvss —epss 0.01
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection,…
- CVE-2014-3345Aug 28, 2014risk 0.00cvss —epss 0.02
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID…
- CVE-2014-3344Aug 28, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug…
- CVE-2014-3335Aug 26, 2014risk 0.00cvss —epss 0.01
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
- CVE-2014-3340Aug 20, 2014risk 0.00cvss —epss 0.02
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.
- CVE-2014-3331Aug 20, 2014risk 0.00cvss —epss 0.02
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID…
- CVE-2014-3341Aug 19, 2014risk 0.00cvss —epss 0.05
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.
Page 111 of 145