Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2014-0718 · Feb 22, 2014
    risk 0.00 cvss epss 0.02

    The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.

  • CVE-2014-0710 · Feb 22, 2014
    risk 0.00 cvss epss 0.01

    Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.

  • CVE-2014-0709 · Feb 22, 2014
    risk 0.00 cvss epss 0.02

    Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.

  • CVE-2014-0733 · Feb 20, 2014
    risk 0.00 cvss epss 0.02

    The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

  • CVE-2014-0736 · Feb 20, 2014
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make…

  • CVE-2014-0735 · Feb 20, 2014
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

  • CVE-2014-0734 · Feb 20, 2014
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

  • CVE-2014-0732 · Feb 20, 2014
    risk 0.00 cvss epss 0.02

    The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID…

  • CVE-2014-0729 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.

  • CVE-2014-0728 · Feb 13, 2014
    risk 0.00 cvss epss 0.02

    SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.

  • CVE-2014-0727 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.

  • CVE-2014-0726 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.

  • CVE-2014-0725 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.

  • CVE-2014-0724 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.

  • CVE-2014-0723 · Feb 13, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.

  • CVE-2014-0722 · Feb 13, 2014
    risk 0.00 cvss epss 0.02

    The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.

  • CVE-2014-0686 · Feb 4, 2014
    risk 0.00 cvss epss 0.00

    Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.

  • CVE-2014-0682 · Jan 29, 2014
    risk 0.00 cvss epss 0.02

    Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.

  • CVE-2014-0681 · Jan 29, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages,…

  • CVE-2014-0680 · Jan 29, 2014
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.

  • CVE-2014-0678 · Jan 25, 2014
    risk 0.00 cvss epss 0.01

    The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

  • CVE-2014-0673 · Jan 25, 2014
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.

  • CVE-2014-0674 · Jan 24, 2014
    risk 0.00 cvss epss 0.02

    Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system…

  • CVE-2014-0675 · Jan 23, 2014
    risk 0.00 cvss epss 0.02

    The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging…

  • CVE-2014-0677 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

  • CVE-2014-0676 · Jan 22, 2014
    risk 0.00 cvss epss 0.00

    Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

  • CVE-2014-0662 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

  • CVE-2014-0661 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack…

  • CVE-2014-0660 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.

  • CVE-2014-0672 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.

  • CVE-2014-0671 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.

  • CVE-2014-0670 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

  • CVE-2014-0669 · Jan 22, 2014
    risk 0.00 cvss epss 0.02

    The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.

  • CVE-2014-0668 · Jan 20, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.

  • CVE-2014-0667 · Jan 16, 2014
    risk 0.00 cvss epss 0.01

    The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.

  • CVE-2014-0666 · Jan 16, 2014
    risk 0.00 cvss epss 0.06

    Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

  • CVE-2014-0650 · Jan 16, 2014
    risk 0.00 cvss epss 0.03

    The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

  • CVE-2014-0649 · Jan 16, 2014
    risk 0.00 cvss epss 0.03

    The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.

  • CVE-2014-0648 · Jan 16, 2014
    risk 0.00 cvss epss 0.06

    The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

  • CVE-2013-6687 · Jan 16, 2014
    risk 0.00 cvss epss 0.01

    The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.

  • CVE-2013-2139 · Jan 16, 2014
    risk 0.00 cvss epss 0.03

    Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

  • CVE-2014-0665 · Jan 15, 2014
    risk 0.00 cvss epss 0.01

    The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to…

  • CVE-2014-0664 · Jan 10, 2014
    risk 0.00 cvss epss 0.03

    The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.

  • CVE-2014-0663 · Jan 10, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

  • CVE-2014-0658 · Jan 10, 2014
    risk 0.00 cvss epss 0.03

    Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.

  • CVE-2013-6974 · Jan 10, 2014
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.

  • CVE-2014-0657 · Jan 8, 2014
    risk 0.00 cvss epss 0.02

    The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID…

  • CVE-2014-0656 · Jan 8, 2014
    risk 0.00 cvss epss 0.02

    Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.

  • CVE-2014-0655 · Jan 8, 2014
    risk 0.00 cvss epss 0.02

    The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.

  • CVE-2014-0654 · Jan 8, 2014
    risk 0.00 cvss epss 0.02

    Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.
