Vendor CVEs
Cisco Systems, Inc.
All CVEs
7,228 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2145 | 0.00 | — | 0.02 | Apr 5, 2014 | Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | |||
| CVE-2014-2144 | 0.00 | — | 0.01 | Apr 5, 2014 | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | |||
| CVE-2014-2143 | 0.00 | — | 0.02 | Apr 4, 2014 | The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. | |||
| CVE-2014-2117 | 0.00 | — | 0.02 | Apr 4, 2014 | Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. | |||
| CVE-2014-2116 | 0.00 | — | 0.02 | Apr 4, 2014 | Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. | |||
| CVE-2014-2115 | 0.00 | — | 0.01 | Apr 4, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250. | |||
| CVE-2014-2114 | 0.00 | — | 0.02 | Apr 4, 2014 | Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. | |||
| CVE-2014-2138 | 0.00 | — | 0.01 | Apr 2, 2014 | CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | |||
| CVE-2014-2137 | 0.00 | — | 0.01 | Apr 2, 2014 | CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | |||
| CVE-2014-2125 | 0.00 | — | 0.01 | Apr 2, 2014 | Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. | |||
| CVE-2014-2131 | 0.00 | — | 0.01 | Mar 29, 2014 | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. | |||
| CVE-2014-2118 | 0.00 | — | 0.02 | Mar 27, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. | |||
| CVE-2014-2113 | 0.00 | — | 0.02 | Mar 27, 2014 | Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | |||
| CVE-2014-2112 | 0.00 | — | 0.02 | Mar 27, 2014 | The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | |||
| CVE-2014-2111 | 0.00 | — | 0.02 | Mar 27, 2014 | The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | |||
| CVE-2014-2109 | 0.00 | — | 0.02 | Mar 27, 2014 | The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | |||
| CVE-2014-2108 | 0.00 | — | 0.02 | Mar 27, 2014 | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. | |||
| CVE-2014-2107 | 0.00 | — | 0.02 | Mar 27, 2014 | Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. | |||
| CVE-2014-2106 | 0.00 | — | 0.02 | Mar 27, 2014 | Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. | |||
| CVE-2014-2124 | 0.00 | — | 0.02 | Mar 21, 2014 | Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. | |||
| CVE-2014-2119 | 0.00 | — | 0.03 | Mar 21, 2014 | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated… | |||
| CVE-2014-0708 | 0.00 | — | 0.01 | Mar 21, 2014 | WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID… | |||
| CVE-2014-2122 | 0.00 | — | 0.03 | Mar 19, 2014 | Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. | |||
| CVE-2014-2121 | 0.00 | — | 0.03 | Mar 19, 2014 | The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. | |||
| CVE-2014-0694 | 0.00 | — | 0.01 | Mar 14, 2014 | Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs… | |||
| CVE-2014-0707 | 0.00 | — | 0.01 | Mar 6, 2014 | Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. | |||
| CVE-2014-0706 | 0.00 | — | 0.01 | Mar 6, 2014 | Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929. | |||
| CVE-2014-0705 | 0.00 | — | 0.02 | Mar 6, 2014 | The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug… | |||
| CVE-2014-0704 | 0.00 | — | 0.01 | Mar 6, 2014 | The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an… | |||
| CVE-2014-0703 | 0.00 | — | 0.02 | Mar 6, 2014 | Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point… | |||
| CVE-2014-0701 | 0.00 | — | 0.01 | Mar 6, 2014 | Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361. | |||
| CVE-2014-2104 | 0.00 | — | 0.01 | Mar 2, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536,… | |||
| CVE-2014-2103 | 0.00 | — | 0.01 | Feb 27, 2014 | Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. | |||
| CVE-2014-0679 | 0.00 | — | 0.02 | Feb 27, 2014 | Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. | |||
| CVE-2014-2102 | 0.00 | — | 0.01 | Feb 27, 2014 | Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. | |||
| CVE-2014-0747 | 0.00 | — | 0.00 | Feb 27, 2014 | The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||
| CVE-2014-0746 | 0.00 | — | 0.01 | Feb 27, 2014 | The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536. | |||
| CVE-2014-0745 | 0.00 | — | 0.01 | Feb 27, 2014 | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | |||
| CVE-2014-0743 | 0.00 | — | 0.01 | Feb 27, 2014 | The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | |||
| CVE-2014-0742 | 0.00 | — | 0.00 | Feb 27, 2014 | The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||
| CVE-2014-0741 | 0.00 | — | 0.00 | Feb 27, 2014 | The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | |||
| CVE-2014-0740 | 0.00 | — | 0.01 | Feb 27, 2014 | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of… | |||
| CVE-2014-0739 | 0.00 | — | 0.01 | Feb 22, 2014 | Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP… | |||
| CVE-2014-0738 | 0.00 | — | 0.01 | Feb 22, 2014 | The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. | |||
| CVE-2014-0737 | 0.00 | — | 0.01 | Feb 22, 2014 | The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | |||
| CVE-2014-0731 | 0.00 | — | 0.02 | Feb 22, 2014 | The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | |||
| CVE-2014-0730 | 0.00 | — | 0.00 | Feb 22, 2014 | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | |||
| CVE-2014-0721 | 0.00 | — | 0.03 | Feb 22, 2014 | The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | |||
| CVE-2014-0720 | 0.00 | — | 0.01 | Feb 22, 2014 | Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. | |||
| CVE-2014-0719 | 0.00 | — | 0.02 | Feb 22, 2014 | The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. |