VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,229 total · sorted by risk
  • CVE-2012-4121Oct 14, 2013
    risk 0.00cvss epss 0.00

    Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.

  • CVE-2012-4099Oct 14, 2013
    risk 0.00cvss epss 0.02

    The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.

  • CVE-2012-4097Oct 14, 2013
    risk 0.00cvss epss 0.02

    The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.

  • CVE-2012-4077Oct 14, 2013
    risk 0.00cvss epss 0.00

    Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.

  • CVE-2012-4076Oct 14, 2013
    risk 0.00cvss epss 0.00

    Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.

  • CVE-2013-5515Oct 13, 2013
    risk 0.00cvss epss 0.01

    The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service…

  • CVE-2013-5513Oct 13, 2013
    risk 0.00cvss epss 0.02

    Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.3), and 9.1.x before 9.1(1.8), when the DNS ALPI engine is enabled for…

  • CVE-2013-5512Oct 13, 2013
    risk 0.00cvss epss 0.01

    Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before…

  • CVE-2013-5511Oct 13, 2013
    risk 0.00cvss epss 0.02

    The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before…

  • CVE-2013-5510Oct 13, 2013
    risk 0.00cvss epss 0.01

    The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an…

  • CVE-2013-5509Oct 13, 2013
    risk 0.00cvss epss 0.02

    The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468.

  • CVE-2013-5508Oct 13, 2013
    risk 0.00cvss epss 0.02

    The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x…

  • CVE-2013-5507Oct 13, 2013
    risk 0.00cvss epss 0.01

    The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during…

  • CVE-2013-5506Oct 13, 2013
    risk 0.00cvss epss 0.00

    The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080.

  • CVE-2013-3415Oct 13, 2013
    risk 0.00cvss epss 0.01

    Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage…

  • CVE-2012-4108Oct 13, 2013
    risk 0.00cvss epss 0.00

    The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.

  • CVE-2012-4107Oct 13, 2013
    risk 0.00cvss epss 0.00

    The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489.

  • CVE-2012-4106Oct 13, 2013
    risk 0.00cvss epss 0.00

    The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.

  • CVE-2012-4105Oct 13, 2013
    risk 0.00cvss epss 0.00

    The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468.

  • CVE-2013-5533Oct 11, 2013
    risk 0.00cvss epss 0.00

    The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

  • CVE-2013-5532Oct 11, 2013
    risk 0.00cvss epss 0.02

    Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.

  • CVE-2013-5527Oct 10, 2013
    risk 0.00cvss epss 0.01

    The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.

  • CVE-2013-5526Oct 10, 2013
    risk 0.00cvss epss 0.02

    Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698.

  • CVE-2013-5525Oct 10, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.

  • CVE-2013-5524Oct 10, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.

  • CVE-2013-5523Oct 10, 2013
    risk 0.00cvss epss 0.01

    The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a…

  • CVE-2013-5499Oct 10, 2013
    risk 0.00cvss epss 0.01

    The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.

  • CVE-2013-3409Oct 10, 2013
    risk 0.00cvss epss 0.00

    The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.

  • CVE-2012-4141Oct 5, 2013
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.

  • CVE-2012-4122Oct 5, 2013
    risk 0.00cvss epss 0.00

    The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.

  • CVE-2012-4098Oct 5, 2013
    risk 0.00cvss epss 0.02

    The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.

  • CVE-2012-4091Oct 5, 2013
    risk 0.00cvss epss 0.03

    The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.

  • CVE-2012-4090Oct 5, 2013
    risk 0.00cvss epss 0.02

    The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.

  • CVE-2012-4084Oct 5, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.

  • CVE-2012-4075Oct 5, 2013
    risk 0.00cvss epss 0.00

    Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

  • CVE-2013-5519Oct 3, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

  • CVE-2012-4136Oct 3, 2013
    risk 0.00cvss epss 0.01

    The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service…

  • CVE-2013-5517Oct 2, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567.

  • CVE-2013-5503Oct 2, 2013
    risk 0.00cvss epss 0.01

    The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

  • CVE-2012-4111Oct 2, 2013
    risk 0.00cvss epss 0.00

    The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563.

  • CVE-2012-4110Oct 2, 2013
    risk 0.00cvss epss 0.00

    run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.

  • CVE-2012-4109Oct 2, 2013
    risk 0.00cvss epss 0.00

    The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.

  • CVE-2012-4104Oct 2, 2013
    risk 0.00cvss epss 0.00

    Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.

  • CVE-2012-4103Oct 2, 2013
    risk 0.00cvss epss 0.00

    ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.

  • CVE-2012-4102Oct 2, 2013
    risk 0.00cvss epss 0.00

    The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600.

  • CVE-2012-4095Oct 2, 2013
    risk 0.00cvss epss 0.00

    The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.

  • CVE-2013-5516Oct 1, 2013
    risk 0.00cvss epss 0.02

    The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.

  • CVE-2012-4096Oct 1, 2013
    risk 0.00cvss epss 0.00

    The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.

  • CVE-2013-5505Sep 30, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.

  • CVE-2013-5504Sep 30, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.

Page 119 of 145