VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2014-3291Jun 8, 2014
    risk 0.00cvss epss 0.01

    Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.

  • CVE-2014-3286Jun 8, 2014
    risk 0.00cvss epss 0.02

    The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.

  • CVE-2014-3281Jun 8, 2014
    risk 0.00cvss epss 0.01

    The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and…

  • CVE-2014-3278Jun 8, 2014
    risk 0.00cvss epss 0.01

    The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.

  • CVE-2014-3280Jun 3, 2014
    risk 0.00cvss epss 0.02

    The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI…

  • CVE-2014-3285May 29, 2014
    risk 0.00cvss epss 0.03

    Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint…

  • CVE-2014-3283May 29, 2014
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted…

  • CVE-2014-3282May 29, 2014
    risk 0.00cvss epss 0.02

    The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging…

  • CVE-2014-3279May 29, 2014
    risk 0.00cvss epss 0.02

    The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and…

  • CVE-2014-3277May 29, 2014
    risk 0.00cvss epss 0.02

    The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location…

  • CVE-2014-3261May 26, 2014
    risk 0.00cvss epss 0.02

    Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before…

  • CVE-2014-2201May 26, 2014
    risk 0.00cvss epss 0.02

    The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID…

  • CVE-2014-2200May 26, 2014
    risk 0.00cvss epss 0.01

    Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.

  • CVE-2013-1191May 26, 2014
    risk 0.00cvss epss 0.02

    Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.

  • CVE-2014-3276May 26, 2014
    risk 0.00cvss epss 0.02

    Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by…

  • CVE-2014-3275May 26, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.

  • CVE-2014-3274May 26, 2014
    risk 0.00cvss epss 0.01

    Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified…

  • CVE-2014-3272May 26, 2014
    risk 0.00cvss epss 0.00

    The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.

  • CVE-2014-3267May 26, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.

  • CVE-2014-3266May 26, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.

  • CVE-2014-2196May 26, 2014
    risk 0.00cvss epss 0.02

    Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.

  • CVE-2014-3284May 25, 2014
    risk 0.00cvss epss 0.01

    Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.

  • CVE-2014-3273May 20, 2014
    risk 0.00cvss epss 0.01

    The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.

  • CVE-2014-3271May 20, 2014
    risk 0.00cvss epss 0.02

    The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.

  • CVE-2014-3270May 20, 2014
    risk 0.00cvss epss 0.02

    The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.

  • CVE-2014-3269May 20, 2014
    risk 0.00cvss epss 0.01

    The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.

  • CVE-2014-3268May 20, 2014
    risk 0.00cvss epss 0.01

    Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.

  • CVE-2014-3265May 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.

  • CVE-2014-3264May 20, 2014
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561.

  • CVE-2014-2199May 20, 2014
    risk 0.00cvss epss 0.02

    meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote…

  • CVE-2014-2195May 20, 2014
    risk 0.00cvss epss 0.01

    Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID…

  • CVE-2014-2194May 20, 2014
    risk 0.00cvss epss 0.01

    system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.

  • CVE-2014-2193May 20, 2014
    risk 0.00cvss epss 0.01

    Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

  • CVE-2014-2192May 20, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.

  • CVE-2013-6975May 20, 2014
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.

  • CVE-2014-3263May 16, 2014
    risk 0.00cvss epss 0.02

    The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.

  • CVE-2014-3262May 16, 2014
    risk 0.00cvss epss 0.02

    The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages,…

  • CVE-2014-2136May 8, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka…

  • CVE-2014-2135May 8, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka…

  • CVE-2014-2134May 8, 2014
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio…

  • CVE-2014-2133May 8, 2014
    risk 0.00cvss epss 0.03

    Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that…

  • CVE-2014-2132May 8, 2014
    risk 0.00cvss epss 0.02

    Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a…

  • CVE-2014-2191May 7, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113.

  • CVE-2014-2190May 7, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and…

  • CVE-2014-2181May 7, 2014
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.

  • CVE-2014-0685May 7, 2014
    risk 0.00cvss epss 0.01

    Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.

  • CVE-2014-0684May 7, 2014
    risk 0.00cvss epss 0.00

    Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.

  • CVE-2014-2175May 2, 2014
    risk 0.00cvss epss 0.01

    Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.

  • CVE-2014-2173May 2, 2014
    risk 0.00cvss epss 0.00

    Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.

  • CVE-2014-2172May 2, 2014
    risk 0.00cvss epss 0.00

    Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.

Page 113 of 145