VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,228 total · sorted by risk
  • CVE-2014-0652Jan 8, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

  • CVE-2014-0651Jan 8, 2014
    risk 0.00cvss epss 0.02

    The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.

  • CVE-2013-6982Jan 8, 2014
    risk 0.00cvss epss 0.03

    The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka…

  • CVE-2013-6983Dec 31, 2013
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.

  • CVE-2013-6981Dec 28, 2013
    risk 0.00cvss epss 0.03

    Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.

  • CVE-2013-6979Dec 23, 2013
    risk 0.00cvss epss 0.04

    The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID…

  • CVE-2013-6978Dec 21, 2013
    risk 0.00cvss epss 0.02

    The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

  • CVE-2012-4135Dec 21, 2013
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

  • CVE-2012-4131Dec 21, 2013
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.

  • CVE-2013-6701Dec 18, 2013
    risk 0.00cvss epss 0.02

    The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network…

  • CVE-2013-6966Dec 17, 2013
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.

  • CVE-2013-6973Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.

  • CVE-2013-6972Dec 14, 2013
    risk 0.00cvss epss 0.03

    Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.

  • CVE-2013-6971Dec 14, 2013
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.

  • CVE-2013-6970Dec 14, 2013
    risk 0.00cvss epss 0.01

    Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

  • CVE-2013-6969Dec 14, 2013
    risk 0.00cvss epss 0.02

    The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.

  • CVE-2013-6968Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.

  • CVE-2013-6967Dec 14, 2013
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020.

  • CVE-2013-6965Dec 14, 2013
    risk 0.00cvss epss 0.02

    The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka…

  • CVE-2013-6964Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.

  • CVE-2013-6963Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.

  • CVE-2013-6962Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

  • CVE-2013-6961Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.

  • CVE-2013-6960Dec 14, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

  • CVE-2013-6959Dec 14, 2013
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.

  • CVE-2013-6711Dec 14, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.

  • CVE-2013-6710Dec 14, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.

  • CVE-2013-6709Dec 14, 2013
    risk 0.00cvss epss 0.02

    The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID…

  • CVE-2012-3047Dec 10, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6708Dec 10, 2013
    risk 0.00cvss epss 0.03

    Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889.

  • CVE-2013-6707Dec 7, 2013
    risk 0.00cvss epss 0.03

    Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID…

  • CVE-2013-6702Dec 4, 2013
    risk 0.00cvss epss 0.02

    The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.

  • CVE-2013-6705Dec 3, 2013
    risk 0.00cvss epss 0.01

    The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

  • CVE-2013-6704Dec 3, 2013
    risk 0.00cvss epss 0.01

    Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.

  • CVE-2013-6703Dec 3, 2013
    risk 0.00cvss epss 0.01

    The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787.

  • CVE-2013-6690Dec 3, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.

  • CVE-2013-6696Dec 2, 2013
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

  • CVE-2013-6695Dec 2, 2013
    risk 0.00cvss epss 0.01

    The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the…

  • CVE-2013-6706Nov 29, 2013
    risk 0.00cvss epss 0.02

    The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

  • CVE-2013-6700Nov 29, 2013
    risk 0.00cvss epss 0.01

    The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

  • CVE-2013-3394Nov 27, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429.

  • CVE-2013-6699Nov 22, 2013
    risk 0.00cvss epss 0.01

    The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880.

  • CVE-2013-6698Nov 22, 2013
    risk 0.00cvss epss 0.01

    The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame…

  • CVE-2013-6694Nov 22, 2013
    risk 0.00cvss epss 0.01

    The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918.

  • CVE-2013-6693Nov 22, 2013
    risk 0.00cvss epss 0.01

    The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345.

  • CVE-2013-6692Nov 22, 2013
    risk 0.00cvss epss 0.01

    Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.

  • CVE-2013-6689Nov 18, 2013
    risk 0.00cvss epss 0.00

    Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

  • CVE-2013-6688Nov 18, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

  • CVE-2013-6686Nov 18, 2013
    risk 0.00cvss epss 0.01

    The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568.

  • CVE-2013-5556Nov 18, 2013
    risk 0.00cvss epss 0.00

    The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain…

Page 117 of 145